this post was submitted on 20 Jul 2023
0 points (50.0% liked)

Security

522 readers
5 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
LinearArray@programming.dev
0
Apple employee reportedly didn’t tell Google about zero-day exploit found in Chrome (9to5mac.com)
submitted 1 year ago by Mustafaalbazy@programming.dev to c/security@programming.dev
1 comments fedilink hide all child comments
 

As we often report here, it’s common for tech companies to help each other improve their security systems by sharing zero-day exploits found by security researchers. Google, for example, does this a lot. But recently, an Apple employee reportedly found a zero-day exploit in Google Chrome – and that bug was never reported to Apple by that person.

you are viewing a single comment's thread
view the rest of the comments
[–] sciawp@lemm.ee 1 points 1 year ago

TechCrunch’s report had access to a Discord channel where a person claiming to be the Apple employee who found the bug said “there wasn’t any real urgency” to fix the exploit immediately. The person explained that only Apple’s security research team knew about the exploit and that it’s not easily accessible in a real-world scenario.

Furthermore, the employee claimed that the exploit was reported to Google on June 5 and that the delay was due to the time it took for multiple people to sign off on the report.

Pretty misleading headline