Last week, cybersecurity researcher Denis Tokarev disclosed several security holes in iOS. He said that Apple had been indifferent to his reports and that, several months later, it still had not taken action to resolve the issues.
Tokarev told Motherboard on Twitter today that Apple contacted him after he publicly exposed these iOS security holes and attracted media attention. Apple sent an e-mail apologizing for the delay and informing him that it was still investigating the security issues.
An Apple employee wrote in response to the researcher: "We have seen your blog post about this and other issues. We apologize for the delay in responding to your reports. We would like to inform you that we are still investigating these security holes and are trying to provide more security to our users by solving these problems. Thanks again for taking the time to report these issues. Contact us if you have any questions."
Apple fixed one of the security vulnerabilities in iOS 14.7, but gave no credit to Tokarev, who had reported it. Another vulnerability in the operating system, which Apple has not mentioned, is the Game Center problem, which allows any app installed from the App Store to access email, full name and Apple ID credentials, contact list and some attachments.
Tokarev has released details of these vulnerabilities so that Apple will take action quickly to address them.
The researcher initially contacted Apple between March 10 and May 4 to report these security issues, so Apple has had months to address the vulnerabilities. It is worth noting, however, that several cybersecurity researchers and Tokarev himself have confirmed that these bugs are not that important, because to exploit them an attacker must first get a malicious app approved for the App Store.
Even so, experts have criticized Apple's response and its bug bounty program. Cybersecurity expert Katie Moussouris told Motherboard on Twitter that Apple's handling of the situation is not normal and should not be taken lightly. Researcher Nicholas Ptacek said Apple's move appeared to be a reaction to the bad press.
Earlier this month, the Washington Post interviewed more than a dozen security researchers who have worked to find bugs under Apple's bug bounty program. The researchers say that Apple is slow to fix bugs and never pays what it owes to cybersecurity experts. This has left these researchers dissatisfied with Apple.
At the time, Ivan Krstić, Apple's head of security engineering and architecture, announced that the company was working to increase the participation and rewards of cybersecurity researchers and to provide them with new and even better research tools than before.