Apple issues apology after researcher leaks security bugs
Apple has been forced to apologize to users after a security researcher leaked bugs in the iOS operating system that put users at risk.
Apple is also being criticized for mishandling security vulnerability reports submitted through its bug bounty program. Researchers assert this is symptomatic of the company’s bug bounty program being riddled with complications.
Denis Tokarev’s post reported four zero-day vulnerabilities in Apple’s iOS mobile operating system. Zero-days refer to new bugs or security flaws in the system for which there are no patches currently available.
Tokarev said that after he reported the issues to Apple, the company ignored three of them and released a patch for the fourth one. But when the latest iOS version, 15.0, was released, the patch was not listed on the company’s security content page.
The bugs that Tokarev investigated allowed apps to read user data like contact lists and Apple ID email, along with other personally-identifying information.
Tokarev says several other security researchers were ignored by Apple’s bug bounty program.
Bug bounty hunting programs allow ethical hackers and cybersecurity specialists to get paid for discovering bugs in systems and networks.
Other than the apology, Apple remains silent on the user data breach.
The company has been bashed in recent years for censoring the free speech of users and in 2014 launched a gay “meet-up” app for kids 12 and older.
–Wire Services