Man Goes Public about macOS Privacy Exploits after Apple Leaves them Unfixed for over Six Months

Peter_Brosdahl

Image: Apple



Some might think that by offering a bounty program for what is often considered the world’s most secure operating system, action would quickly be taken on finds. This does not appear to be the case for at least one man’s discoveries. It does, unfortunately, show a pattern of the Cupertino company leaving some exploits unpatched long after being notified about them. App developer Jeff Johnson recently posted on his blog about an exploit he discovered in September of 2019. His blog goes into detail about how the exploit functions.



Today I’m disclosing a macOS privacy protections bypass. (You may recall that I disclosed another one last year.) The privacy protections system (also known as TCC: Transparency, Consent, and...



 
This is doubly bad by Apple. They were withholding payment to keep him from releasing, in hopes of getting paid. That's bs.

As a security researcher you probably need to release it after that time, because if you don't and someone else discovers it through no fault of your own, you might be held liable or under suspicion and potentially facing legal and civil lawsuits. That window of time is to protect the company; the expiration is to protect the researcher.
 
Not defending Apple here, but I keep thinking there's another side to this story we aren't hearing.
 
"Worlds most secure operating system" my ***.

OS X, or MacOS as they have decided to revert the name to, is highly problematic from a security perspective for many reasons.

1.) Apple is very opaque about discovered vulnerabilities

2.) Apple does not push out patches quickly, often waiting months for the next release, and sometimes does not patch them several releases in a row!

3.) MacOS may be based on top of FreeBSD, and FreeBSD is very highly regarded for its security, but everything sitting on top of the base OS is programmed by Apple or third parties, and I personally have no faith in it at all.

4.) Most vulnerabilities in all operating systems stem from installed programs, not the underlying operating system itself, and there is absolutely nothing to suggest that installed applications are any more secure on MacOS than on any other operating system. In fact, all Linux distributions and the BSDs have a huge advantage here due to their central package manager that keeps everything up to date.

5.) Apple has a huge reputation for security among people who are uninformed. It is completely undeserved.

If they want to improve, they need to be completely transparent with their bug reporting and patching plans. They need to patch, and patch quickly. Have security updates weekly or biweekly like other platforms. Take security seriously! They have ridden the whole "security by obscurity" bandwagon for too long, being a smaller target than the likes of Windows due to their smaller userbase, but there is absolutely nothing MacOS has as an advantage from a technical perspective compared to Windows, and they are far behind the likes of Linux and the BSDs.
 