Hacker News new | past | comments | ask | show | jobs | submit login

> We disclosed our results to Apple on September 12, 2022 (408 days before public release).

Really interested to find out why Apple has (mostly) slept on this for over a year!




Because they can.

They are one of the CVE gods, so they can veto issuance of CVEs against their products. That kind of power means you can move as slowly as you please.


BS. Being a CVE numbering authority (of which there are several hundred) does not grant a veto against CVE issuance. They are allowed to issue CVEs on their products but by no means are they the only authority that may issue them for Apple vulnerabilities.


Also, you don't need to issue a CVE to publish a vulnerability. You just make it public regardless and say CVE was denied for it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: