I don’t publicly disclose the vulnerabilities I discover in course of client business. However, I do so for vulnerabilities I find by accident when I use systems.
- Apple – Reported August 9, 2012. Vendor responded August 10 asking me not to spill the beans and with a incident number. Still no notification that it has been resolved (68 days so far). I wish I could say more, but I think it would be trivially re-discovered if I even gave you an idea of even where it lies.