Last week, developer and security specialist Denis Tokarev discovered several zero-day vulnerabilities in iOS. He also said that Apple ignored his reports and did not fix the problems for several months. Apple has apologized to the developer.
Tokarev writes that Apple contacted him only after he published the bug reports publicly and the disclosure attracted media attention. Apple apologized to the researcher in an email and wrote that it was still investigating the problem.
"We have seen your issue report. We apologize for waiting so long for an answer. We would like to inform you that we are still studying the problems and thinking about how to solve them. Thanks again for letting us know about the issues, we appreciate your help. Let me know if you have any questions."
The developer claims to have reported the bugs to Apple back in the spring, so Apple had several months to fix them before he published them publicly.
Apple patched only one vulnerability, in iOS 14.7, but did not mention that Tokarev found it. The company also apologized for the missing credit and promised to fix it. Since then, there have been three updates, but the company hasn't kept its word.
Three more vulnerabilities still exist in iOS 15, including a Game Center bug that allows any application to access Apple ID information.
Tokarev himself admitted that the bugs he discovered were not very dangerous. To exploit them, an attacker would need to get a malicious application approved for the App Store, which is not so easy. However, Apple could have fixed these vulnerabilities long ago.
Tokarev is not the first expert to criticize Apple for its attitude towards people reporting bugs to the company. Often, users do not even receive the promised reward, and it takes a lot of time to fix bugs.