Apple Apologizes to Researcher for Ignoring iOS Vulnerabilities, Says It's 'Still Investigating'

by

Last week, security researcher Denis Tokarev made several zero-day iOS vulnerabilities public after he said that Apple had ignored his reports and had failed to fix the issues for several months.

iPhone 13 Security
Tokarev today told Motherboard that Apple got in touch after he went public with his complaints and after they saw significant media attention. In an email, Apple apologized for the contact delay and said that it is "still investigating" the issues.

"We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you," an Apple employee wrote. "We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions."

Apple did fix one of the vulnerabilities in iOS 14.7, but did not provide Tokarev with credit. Three others remain unaddressed, including a Game Center bug that allegedly allows any app installed from the App Store to access full Apple ID email and name, ‌Apple ID‌ authentication tokens, lists of contacts, and some attachments.

Details on all of the zero-day vulnerabilities have been published publicly by Tokarev, which may prompt Apple to fix them faster.

Tokarev first contacted Apple about these bugs between March 10 and May 4, so Apple has had months to issue patches, but it's worth noting that several security researchers and Tokarev himself have confirmed that the bugs are not highly critical as exploiting them would require a malicious app to first receive ‌App Store‌ approval.

Still, experts have criticized Apple's response and its bug bounty program. Cybersecurity expert Katie Moussouris told Motherboard that Apple's handling of the process is "not normal and should not be considered normal," while researcher Nicholas Ptacek said that Apple's response comes across as a "reaction to bad press."

Earlier this month, The Washington Post interviewed more than two dozen security researchers to expose the flaws in Apple's bug bounty program. Researchers said that Apple is slow to fix bugs and doesn't always pay out what's owed, leading researchers to be unhappy with Apple's program.

At the time, Apple's Head of Security Engineering and Architecture, Ivan Krstić, said that Apple is "planning to introduce new rewards for researchers" to expand participation, and that Apple is working toward offering new and even better research tools.

Tags: Apple Security, Vulnerabiltiies

Popular Stories

iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro's alleged design via Front Page Tech Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone...
Read Full Article230 comments
iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive a New Perk

Thursday March 20, 2025 12:01 am PDT by
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost. The new perk is the ability to create invitations in the Apple Invites app for the iPhone, which launched in the App Store last month. In the Apple Invites app, iCloud+ subscribers can create invitations for any occasion, such as birthday parties, graduations, baby showers, and more. Anyone ...
Read Full Article30 comments
iOS 18

Top 5 New Features Coming in iOS 18.4

Friday March 21, 2025 3:26 pm PDT by
We're not getting new Siri Apple Intelligence features in iOS 18.4 as expected, but the upcoming update does have quite a few new additions that will be worth upgrading for. We've rounded up the five best features to look forward to, and if you're not running the beta, you can expect to get access to these in early April. Priority Notifications If you have an iPhone or iPad that supports...
Read Full Article90 comments
Generic iOS 19 Feature Mock

iOS 19 Coming in June With These New Features

Thursday March 20, 2025 2:04 pm PDT by
While the first iOS 19 beta is still more than two months away, there are already plenty of rumors about the upcoming software update. Below, we recap the key iOS 19 rumors so far. visionOS-Like Design In January, the YouTube channel Front Page Tech revealed a redesigned Camera app that is allegedly planned for iOS 19. According to Front Page Tech host Jon Prosser, the Camera app...
Read Full Article45 comments
Generic iOS 18

Apple Seeds iOS 18.4 and iPadOS 18.4 Release Candidate With Priority Notifications, Ambient Music and More

Monday March 24, 2025 10:07 am PDT by
Apple today seeded the release candidate versions of upcoming iOS 18.4 and iPadOS 18.4 updates to developers for testing purposes, with the software coming a week after Apple released the fourth betas. iOS 18.4 and iPadOS 18.4 can be downloaded from the Settings app on a compatible device by going to General > Software Update. With iOS 18.4, Apple is adding the Priority Notifications...
Read Full Article49 comments
airpods max 2024 colors

Don't Buy Into Apple's Hype About AirPods Max Gaining Lossless Audio

Monday March 24, 2025 4:24 pm PDT by
Apple today announced that AirPods Max with a USB-C port will be gaining support for lossless audio and ultra-low latency audio with a firmware update next month, alongside the release of iOS 18.4, iPadOS 18.4, and macOS 15.4. For context, audio files are typically compressed to keep file sizes smaller. There are lossy compression standards like MP3, and Apple's own Advanced Audio Codec...
Read Full Article249 comments
Foldable iPhone 2023 Feature Iridescent Search

Foldable iPhone Expected to Launch Next Year, Costing Around $2,000

Monday March 24, 2025 3:43 am PDT by
Apple will launch its long-rumored foldable iPhone next year with a ~$2,000 premium price tag attached, expects well-connected Bloomberg reporter Mark Gurman. Gurman's comments on Apple's launch plans for its first foldable device appeared in the Q&A section of his latest Power On newsletter. Earlier this month, the reporter said Apple's foldable iPhone could be arriving "as early as 2026,"...
Read Full Article155 comments
iOS 19 Rounded UI Elements Light

iOS 19: What to Expect From Apple's Dramatic Design Overhaul?

Monday March 24, 2025 9:47 am PDT by
Earlier this month, Bloomberg reported that Apple is planning "one of the most dramatic software overhauls in the company's history" – an update that aims to bring iOS, iPadOS, and macOS into closer visual alignment. The redesign is said to be "loosely based" on visionOS, the software behind Apple's Vision Pro headset, and will reportedly update the look of icons, menus, apps, windows, and...
Read Full Article110 comments

Top Rated Comments

Realityck Avatar
Realityck
46 months ago
No question that Apple needs to greatly improve on their interaction with bug bounty participants.
Score: 35 Votes (Like | Disagree)
code-m Avatar
code-m
46 months ago
Stop creating more issues with your users with CSAM and patch the existing vulnerabilities. I feel CSAM is just another hole to be exploited in the future.
Score: 33 Votes (Like | Disagree)
Mr. Dee Avatar
Mr. Dee
46 months ago
So, to get Apples attention these days you have to use the ‘go to the media whipping belt’.
Score: 22 Votes (Like | Disagree)
MathersMahmood Avatar
MathersMahmood
46 months ago
My gosh not a good week for Tim Apple is it.
Score: 18 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
46 months ago
Looks like Apple was attempting some damage control. No excuse for Apple ignoring someone pointing out important vulnerabilities in the OS.
Score: 15 Votes (Like | Disagree)
6787872 Avatar
6787872
46 months ago
apple has one of, if not the worst bounty programs i've ever seen. i wonder how many vulnerabilities are being sold on the dark web because apple is too cheap. and i don't even blame the hackers. finding these takes a lot of time and skill.

i've been out of it for a while now but untethered jailbreaks used to be worth a million. probably more now.
Score: 13 Votes (Like | Disagree)
Read All Comments