Comment by concinds
13 hours ago
Apple Security would instantly close it as "don't see the problem here" if you reported it to them. They have a poor reputation around TCC bug reports.
That makes it OK for you to not responsibly disclose a vuln? Cool I guess)
I have nothing to do with any of this.
But since they don't consider these as vulnerabilities in the first place, then yeah, sure.
It's very common for large companies to "close" or downplay vulnerabilities. That doesn't exempt researchers from responsible disclosure timelines. There have been plenty of instances where a company reverses course after some back & forth and the looming threat of going public.
You literally made a statement justifying not responsibly disclosing a vuln because Apple's process sucks.
Whether it is a vuln is a different argument (it's a sandbox escape and definitely usable as part of an exploit).