Technology peripheralsIt IndustryExperts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolvedExperts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved
According to news on August 22, network security expert Jeff Johnson reported an application management vulnerability discovered in the macOS system to Apple in October 2022. However, by August 2023, Apple still had not fixed the vulnerability. It is said that this vulnerability allows applications to bypass the operating system's sandbox protection, obtain the highest privileges, and modify other applications and obtain information without the user's permission. It is understood that Jeff Johnson A blog post was published on his personal blog in October last year, briefly mentioning five potential ways to exploit App management vulnerabilities, and hinting that a sixth way had been discovered. He also said that he reported the vulnerability to Apple immediately after discovering it and received a confirmation reply from Apple. However, the vulnerability has not yet been patched
#Jeff Johnson recently explained in detail how the vulnerability works on his blog. He detailed how an application could exploit this vulnerability to bypass the system's security restrictions and gain maximum privileges on the system in six different ways. This means attackers could make modifications to other applications and obtain sensitive information without the user's knowledge. Cybersecurity experts typically follow a disclosure process to safeguard the security industry. Generally speaking, once a vulnerability is discovered and reported to the manufacturer, researchers will give the manufacturer a certain amount of time to fix the vulnerability, usually 90 days. However, if the vulnerability is not resolved within this time, the researchers may make the details of the vulnerability public to alert users to the potential risk. According to reports, Jeff Johnson has given Apple enough time to fix the vulnerability, but it has still not been resolved.
Concerns about this matter are mainly focused on the security of the macOS system and user privacy protection. It also highlights the importance of collaboration between vendors and security researchers on vulnerability disclosure and resolution. For users, keeping the operating system and applications updated is an important step to reduce potential risks
Although Apple has not issued an official statement on the matter, this incident is another reminder that any system may face Cyber security issues. Promptly fixing vulnerabilities and paying close attention to the advice of security experts are key to keeping personal and institutional data safe
The above is the detailed content of Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved. For more information, please follow other related articles on the PHP Chinese website!
Building a Network Vulnerability Scanner with GoApr 01, 2025 am 08:27 AMThis Go-based network vulnerability scanner efficiently identifies potential security weaknesses. It leverages Go's concurrency features for speed and includes service detection and vulnerability matching. Let's explore its capabilities and ethical
Top 10 Best Free Backlink Checker Tools in 2025Mar 21, 2025 am 08:28 AMWebsite construction is just the first step: the importance of SEO and backlinks Building a website is just the first step to converting it into a valuable marketing asset. You need to do SEO optimization to improve the visibility of your website in search engines and attract potential customers. Backlinks are the key to improving your website rankings, and it shows Google and other search engines the authority and credibility of your website. Not all backlinks are beneficial: Identify and avoid harmful links Not all backlinks are beneficial. Harmful links can harm your ranking. Excellent free backlink checking tool monitors the source of links to your website and reminds you of harmful links. In addition, you can also analyze your competitors’ link strategies and learn from them. Free backlink checking tool: Your SEO intelligence officer
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
SublimeText3 Mac version
God-level code editing software (SublimeText3)
