Apple apologizes to researchers for ignoring iOS vulnerability, says it's 'still under investigation'

[[426215]]

According to MacRumors on September 28, last week, security researcher Denis Tokarev disclosed several iOS vulnerabilities. He also said that Apple ignored his reports and did not fix these problems for several months.

Today, Tokarev said that Apple contacted him after he went public with his complaint, and in an email, Apple apologized for its previous neglect and said it was "still investigating" the issues.

Apple said in the email:

We saw your blog post and your other reports about this issue. We apologize for the delay in responding. We wanted to let you know that we are still investigating these issues and how we can address them to protect customers. Thanks again for taking the time to report these issues to us, and we appreciate your help. If you have any questions, please let us know.

Apple did fix one of the vulnerabilities in iOS 14.7. But three others remain unresolved, including a Game Center vulnerability that allegedly allowed any app installed from the App Store to access your full Apple ID email and name, Apple ID, contact list, and more.

Tokarev reportedly first contacted Apple about the vulnerabilities between March 10 and May 4, so Apple had several months to release a patch.

But it’s worth noting that some security researchers and Tokarev himself have confirmed that these vulnerabilities are not very important, because in order to exploit them, a malicious application must first be approved by the App Store.