I appreciate the technical insight into the impact of this bug versus other commonly found vulnerabilities. I don't disagree, but it seems to me this insight is tangential to the larger story. It's a (bit) of a blow to lay men's trust of Apple if they can easily understand why a bug occurred without having to dive into the arcane details known to researchers such as yourself.
To me, the interesting question brought up by this story is how soon the vulnerability was known to potential exploiters. Did they just have to have an appropriate set of black box tests rigorously applied to every major software release to spot this? That would, sadly, diminish my trust in the quality of Apple's engineering, though I don't see a reason to attribute it to an inside job without any evidence.
To me, the interesting question brought up by this story is how soon the vulnerability was known to potential exploiters. Did they just have to have an appropriate set of black box tests rigorously applied to every major software release to spot this? That would, sadly, diminish my trust in the quality of Apple's engineering, though I don't see a reason to attribute it to an inside job without any evidence.