iPhones are currently facing their greatest security crisis in a decade, but what is becoming equally worrying is the response from Apple. And the latest development may convince you to quit your iPhone.
iPhones are still not safe. That’s the shocking revelation from security researcher Denis Tokarev, following the release of iOS 15.1. Tokarev revealed Apple has again left two “zero-day” iPhone hacks unfixed, even though he made the company aware of them more than seven months ago. Tokarev even made the hacks public last month in an attempt to force Apple to act, and the company promised to do so. But it hasn’t.
“These two 0-day vulnerabilities are still unpatched in iOS 15.1,” explained Tokarev. “[they] allow spyware apps like @Facebook and @tiktok_us to track and profile you and to acquire sensitive data without your permission.”
iOS 15.1 is the third iOS update since Apple promised to act on the security flaws Tokarev discovered, and the ninth release of iOS in total since he first sent the vulnerabilities to the company.
And this is part of a wider, worrying pattern. Tokarev states that he originally submitted three zero-day hacks to Apple between March and May: the two that are still unfixed and a third which the company silently patched in iOS 15.0.2 without giving him any notice, credit or bounty. This is critical because Apple runs an official Security Bounty program which is meant to incentivize researchers to bring the vulnerabilities they discover to the company, rather than selling them to hackers. But Tokarev is the latest in a series of examples where this has not happened (1,2,3,4,5,6,7,8,9,10,11).
Last month Marco Arment, creator of Instapaper and Overcast and former CTO of Tumblr, called out this trend: “Security relations are developer relations. What will it take for Apple to change their entire CULTURE of how they treat outside developers? [It’s] so deeply broken, yet nothing changes. What will it take?”
A combination of late security fixes and poor treatment of security researchers is a recipe for disaster, especially for a company which heavily markets its commitment to security. Attacks are also on the rise. Google disclosed in July that there have already been more zero-day exploits of browsers in 2021 than in the whole of 2020. Apple needs researchers on its side more than ever.
Things need to improve. Right now your iPhone is vulnerable to two zero-day hacks that Apple has known about for seven months. If things don’t improve, serious problems lie ahead for millions of iPhone owners.
I have reached out to Apple and will update this post when/if I get a response.