8 comments

[ 2.8 ms ] story [ 23.1 ms ] thread
No, you keep them secret so you can stay in business. If you actually cared about the public, you’d be reporting them to Apple.
Remember that High Sierra update that left a nice privilege elevation bug for like a month? That never happened... If you never admit to it, it never happened. Apple's security philosophy.
Has Apple offered them an appropriate bug bounty?
Who is “them”? Cellebrite is mostly in the business of buying vulns, not developing them. That said: Apple pays $100k for SE leaks and $200k for boot firmware vulns. Based on described capability, the iOS11 vuln in question would be one of these two.
Right, it’s in the public interest to keep open vulnerabilities that China and Russia can exploit.
Or more realistically arbitrary people trying to get access to passwords and cc info.
(comment deleted)
Until they use it in a Felony trial and their means/methods get cross examined. No trade secrets in forensics bro.