anacrolix 10 hours ago

I've reported a trivially reproducible mmap issue that causes Darwin to spiral into locking up with no apparent reason. "Not a vulnerability".

I also reported a bug in Safari HTTP proxy handling that prevents encryption. No reply.

I provided source code and reproduction steps for both.

Fuck Apple

dillutedfixer 10 hours ago

A few years back I found a bug that would make deleted photos show up in the Photos app on iPhone simply by putting transparent PNGs into the photo library. I reported it to Apple via web, no response. I called their support and talked to a very nice guy who had an in-depth conversation with me about it and even watched a video I made showing the bug. He said he was taking the issue "up the chain." About 6 months and two .x.x releases later, the bug still existed. I reported it again, no response.

So I emailed AppleInsider who did a short article about it and within two weeks another .x.x release came out and the bug was fixed.

Sadly I think this is one of the only ways to get big tech companies to take action these days. Can't tell you how many times I have read about Comcast, Verizon, etc. screwing someone over and being unreasonable about it until there's an article on Ars Technica or some similar site about it.

kevincox 9 hours ago

These companies don't care about having reliable products; they care about the average consumer having the perception that their products are reliable.

jeroenhd 9 hours ago

This is the reason security researchers started demanding deadlines before publishing their findings publicly. Forcing them to do damage control by publishing their dirty laundry turned out to be the best way to motivate companies to listen to reports.