Apple apologizes for ignoring iOS 15 zero-day flaws, after researcher went public

To curtail bad press, Apple apologized to the frustrated cyber security researcher Denis Tokarev aka @

apple - iOS 15

 

Zero-day exploits in iOS have received a lot of attention, recently, after Amnesty International published a new database of the victims attacked by Pegasus spyware. Developed by Israeli-based company NSO, Pegasus uses these zero-day vulnerabilities which do not require any action from the victims to take control of the latest iPhones, simply by sending a text message. Subsequent reports have questioned Apple’s iPhone security and the company’s will to prevent such attacks.

Apple apologies for ignoring three zero-day flaws in iOS 15 and quietly fixes them

In his disclosure blog post, Tokarev mentions that Apple has apologized to him for the delay and said it is investigating the matter “exactly 24 hours after this publication I finally received a reply from Apple.”

We apologize for the delay in responding to you,” an Apple employee wrote. “We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”

Apple - iOS 15

However, it is not the first time the tech giant has apologized to the researcher.

When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

Ten days ago I asked for an explanation and warned then that I would make my research public if I don’t receive an explanation. My request was ignored so I’m doing what I said I would. My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI – in 120). I have waited much longer, up to half a year in one case.

Having said that,  a jailbreak developer told Tokarev that Apple has released a fix for all three 0-days, which was done in one day after I have disclosed them. But he has not confirmed the claim.

Read More:

About the Author

Addicted to social media and in love with iPhone, started blogging as a hobby. And now it's my passion for every day is a new learning experience. Hopefully, manufacturers will continue to use innovative solutions and we will keep on letting you know about them.

2 comments

Leave a Reply

Your email address will not be published. Required fields are marked *