
outlog | 6 years ago

"..This issue was supposed to be addressed, according to the vendor, on May 15th 2019 but Apple started dropping my emails."

I believe Apple could easily have asked for an extension, if solving it was complex. Apple chose not to.

(from the information available to us..)


kibwen | 6 years ago

Indeed, many security researchers are willing to extend their disclosure deadlines if the vendor gives good reason to and shows that they're taking it seriously.

mosselman | 6 years ago

"on May 15th 2019 but Apple started dropping my emails"

What does that mean? Is there proof? How long do you wait before you call not getting a response 'dropping'?

The potential consequences require more than this.

simondedalus | 6 years ago

You would have a point if the exploit were more serious, and looked harder to fix than it does.

As is, this is a phishing-type variant that it’s not at all clear Gatekeeper was even designed to stop. However, the default behavior described (especially making symlinks to NFS shares without any sort of warning or special graphic when following them in Finder) seems sufficient for forceful language when complaining about it to Apple / giving a disclosure deadline then publishing.