Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved

According to news on August 22, network security expert Jeff Johnson reported an application management vulnerability discovered in the macOS system to Apple in October 2022. However, by August 2023, Apple still had not fixed the vulnerability. It is said that this vulnerability allows applications to bypass the operating system's sandbox protection, obtain the highest privileges, and modify other applications and obtain information without the user's permission. It is understood that Jeff Johnson A blog post was published on his personal blog in October last year, briefly mentioning five potential ways to exploit App management vulnerabilities, and hinting that a sixth way had been discovered. He also said that he reported the vulnerability to Apple immediately after discovering it and received a confirmation reply from Apple. However, the vulnerability has not yet been patched

#Jeff Johnson recently explained in detail how the vulnerability works on his blog. He detailed how an application could exploit this vulnerability to bypass the system's security restrictions and gain maximum privileges on the system in six different ways. This means attackers could make modifications to other applications and obtain sensitive information without the user's knowledge. Cybersecurity experts typically follow a disclosure process to safeguard the security industry. Generally speaking, once a vulnerability is discovered and reported to the manufacturer, researchers will give the manufacturer a certain amount of time to fix the vulnerability, usually 90 days. However, if the vulnerability is not resolved within this time, the researchers may make the details of the vulnerability public to alert users to the potential risk. According to reports, Jeff Johnson has given Apple enough time to fix the vulnerability, but it has still not been resolved.

Concerns about this matter are mainly focused on the security of the macOS system and user privacy protection. It also highlights the importance of collaboration between vendors and security researchers on vulnerability disclosure and resolution. For users, keeping the operating system and applications updated is an important step to reduce potential risks

Although Apple has not issued an official statement on the matter, this incident is another reminder that any system may face Cyber ​​security issues. Promptly fixing vulnerabilities and paying close attention to the advice of security experts are key to keeping personal and institutional data safe

The above is the detailed content of Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved. For more information, please follow other related articles on the PHP Chinese website!