Comment by concinds
12 hours ago
I have nothing to do with any of this.
But since they don't consider these as vulnerabilities in the first place, then yeah, sure.
12 hours ago
I have nothing to do with any of this.
But since they don't consider these as vulnerabilities in the first place, then yeah, sure.
It's very common for large companies to "close" or downplay vulnerabilities. That doesn't exempt researchers from responsible disclosure timelines. There have been plenty of instances where a company reverses course after some back & forth and the looming threat of going public.
You literally made a statement justifying not responsibly disclosing vuln because apple process sucks
whether it is a vuln is different argument (it's sandbox escape and definitely usable as part of an exploit)