Hacker News new | past | comments | ask | show | jobs | submit login

Might have been better to report it to the security people. This sort of thing can be exploitable.



They did report it to Apple, multiple times:

> I found it while on Monterey and reported it 2 times through Feedback Assistant, but it still happens on Ventura.


"to the security people" means emailing the relevant email address, not Feedback Assistant.


If it doesn't end up with the relevant people, that's Apple's problem.


It does eventually. If you want a prompt response you should contact product security.


Shouldn't Apple be the ones who really want to respond promptly? Why should we work around bugs in Apple's issue reporting system?


I don’t really see the problem with getting faster responses by contacting Apple’s security team directly for potential vulnerabilities when compared to the general-purpose bug tracker.


By an hour or two, maybe. But since the last version of the OS? No.


Usually big companies such as Discord give perks to the bug hunters who find bugs. Apparently Apple doesn't have that. There are probably people at Apple who won't admit that they have bugs, when every operating system has bugs, the code is too big to not create a single bug or exploit.


Huh? Apple has a robust bug bounty program.

https://security.apple.com/bounty/


I have found 2 crashes in osX back in Yosemite. I have reported them with every release since.

I have no idea of they work on the arm Macs, but I will have the ability to check in a couple of days. Probably nothing exploitable, but still a hard crash.


It’s a null deref.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: