Last week, a security researcher went public with his findings on several zero-day exploits that were found in iOS 15. The researcher claims that he tried to reach out to Apple to inform them about them but never heard back, and that iOS 15 was released even though he had warned them about these vulnerabilities before then.
It looks like it took a bit of unwanted negative media attention for the company to finally respond. In an email sent to Denis Tokarev, the researcher in question, Apple apologized for the delay in getting back to him and stated that they are still investigating the issues he brought to their attention.
According to the email, “We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you. We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”
Some researchers feel that Apple’s response is not good enough, especially since the company’s bug bounty program is more than five years old.
Speaking to Motherboard, Katie Moussouris, a cybersecurity expert who used to work at Microsoft, said, “You would think that their bug bounty program is the healthiest of all the bug bounty programs since they’re offering a million dollars as their top prize. But it’s absolutely not the case.”