Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Apple Security would instantly close it as "don't see the problem here" if you reported it to them. They have a poor reputation around TCC bug reports.


That makes it OK for you to not responsibly disclose a vuln? Cool I guess)


I have nothing to do with any of this.

But since they don't consider these as vulnerabilities in the first place, then yeah, sure.


It's very common for large companies to "close" or downplay vulnerabilities. That doesn't exempt researchers from responsible disclosure timelines. There have been plenty of instances where a company reverses course after some back & forth and the looming threat of going public.


You literally made a statement justifying not responsibly disclosing vuln because apple process sucks

whether it is a vuln is different argument (it's sandbox escape and definitely usable as part of an exploit)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: