According to the latest report, security researcher Denis Tokarev disclosed several iOS vulnerabilities last week. He also said that Apple ignored his report and had not fixed these problems for several months. Today, Tokarev stated that after his public complaint, Apple contacted him. In an email, Apple apologized for the previous negligence and stated that it is still investigating these issues.
Apple said in the email:
We saw your blog post on this issue and your other reports. We apologize for the delayed response. We want you to know that we are still investigating these issues and how we can solve them to protect our customers. Thank you again for taking the time to report these issues to us, and we appreciate your help. If you have any questions, please let us know.
Apple did fix one of these vulnerabilities in iOS 14.7. But the other three remain unresolved, including a loophole in the game center, which allegedly allows any application installed from the App Store to access full Apple ID email and name, Apple ID, contact list, etc.
According to reports, Tokarev first contacted Apple about these vulnerabilities between March 10 and May 4, so Apple had several months to release patches. But it is worth noting that some security researchers and Tokarev himself have confirmed that these vulnerabilities are not very important, because if you want to exploit these vulnerabilities, you first need a malicious application to obtain App Store approval.
