Comment by concinds
9 hours ago
Apple Security would instantly close it as "don't see the problem here" if you reported it to them. They have a poor reputation around TCC bug reports.
9 hours ago
Apple Security would instantly close it as "don't see the problem here" if you reported it to them. They have a poor reputation around TCC bug reports.
That makes it OK for you to not responsibly disclose a vuln? Cool I guess)
I have nothing to do with any of this.
But since they don't consider these as vulnerabilities in the first place, then yeah, sure.
It's very common for large companies to "close" or downplay vulnerabilities. That doesn't exempt researchers from responsible disclosure timelines. There have been plenty of instances where a company reverses course after some back & forth and the looming threat of going public.