Apple continues to investigate "security flaws" not fixed in iOS 15

Grecia De Flores
3 min read

Apple has responded to a security researcher, who recently made a series of claims about different flaws in its iOS 15 system, which were exposed in detail, highlighting the concern for all users who continued to trust the company.

However, it was known that the company decided to ignore several of the vulnerability reports that they had made, to which they only limited themselves to saying that "it was still investigating the problems."

Problems with some updates are the starting point

At the beginning of September, Denis Tokarev, who is the security researcher to whom this bug report belongs, wrote a blog post in which he detailed the interactions he obtained with the Bug Bounty program belonging to Apple.

Tokarev explained to different media that of the four security vulnerabilities, which he had detected, only one has been fixed.

Apple continues to investigate "security flaws" not fixed in iOS 15

However, the other three errors that had been detected, had not been fixed in the version that was released from iOS 15.

In response to the post you made on your blog; Apple only tried to place a statement in which they apologized for having a delay in communication, in addition to adding the fact that they were investigating the problem.

The reactions of the company, did not wait

“We have reviewed Mr. Denis Tokarev's blog post, regarding system issues and his other reports. We sincerely apologize for the delay we have had in responding to you” was part of the statement presented by the company.

However, Tokarev explained that the company was also not giving him the credit for the information of the only vulnerability that was the one that the company managed to fix.

The three bugs that were found unpatched also include a specific flaw which could allow the app store to read some data such as the email belonging to the Apple ID, as well as contact lists and other sensitive information. The client's.

Tokarev pointed out to some media outlets that none of these three bugs are critical level vulnerabilities, which may explain the reason for Apple's delay in fixing it.

At least, we are certain that these errors were supervised by an expert in the cybersecurity area, as explained by Carta madre, since the handling of the situation was not carried out in the most appropriate way by the Apple company.

While other experts explained that the company probably responded to Tokarev, thanks to the great relevance and coverage that his report obtained, in addition to the reactions of the public, although to date Apple describes his program as a "great success".