Thursday, October 27, 2022

Apple Security Research Blog

Ivan Krstić:

Apple Security Research, our new blog and website at security.apple.com! We launch with an update on Apple Security Bounty, and a deep dive into some fundamental XNU memory safety improvements with kalloc_type.

Why doesn’t Apple like RSS?

Apple Product Security:

At times we received many more [security bounty] submissions than we anticipated, so we’ve grown our team and worked hard to be able to complete an initial evaluation of nearly every report we receive within two weeks, and most within six days.

[…]

Our Apple Security Research site includes a new way to send us research on the web and get real-time status updates.

2 Comments

André Jansen Medeiros Villar

> worked hard to be able to complete an initial evaluation of nearly every report we receive within two weeks

My guess is that only happened after the tenth time they were roasted by not following their own procedures and being exploited because of it.

But good to see anyways.

The images on their site are webp files with a .png extension... Really?
