Motherboard also asked for more feedback from those in the infosec community: Motherboard verified the email from Apple to Tokarev as legitimate by confirming it came from a server owned by Apple. Please let us know if you have any questions.” Thank you again for taking the time to report these issues to us, we appreciate your assistance. “We want to let you know that we are still investigating these issues and how we can address them to protect customers. We apologize for the delay in responding to you,” an Apple employee wrote. “We saw your blog post regarding this issue and your other reports.
Reported by Motherboard, here’s what Apple officially responded with, per Tokarev: Update 9/27: After sharing his experience publicly, Apple has responded to security researcher illusionofchaos, aka Denis Tokarev. Now another security researcher has shared their experience claiming that Apple didn’t give them credit for one zero-day flaw they reported which was fixed and that there are three more zero-day vulnerabilities in iOS 15. However, the program has seen a good amount of criticism from the infosec community. Apple overhauled its security bounty program back in 2019 by making it open to anyone, increasing payouts, and more.
