I don’t publicly disclose the vulnerabilities I discover in course of client business. However, I do so for vulnerabilities I find by accident when I use systems.

  • Apple – Reported August 9, 2012. Vendor responded August 10 asking me not to spill the beans and with a incident number. Still no notification that it has been resolved (68 days so far). I wish I could say more, but I think it would be trivially re-discovered if I even gave you an idea of even where it lies. 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>