Free Republic
General/Chat

To: Swordmaker
Pedro Vilaca revealed the information without what is considered responsible disclosure in the security industry, in which an affected company or project is notified sufficiently far ahead of the release of information to allow them the potential to fix the problem. Apple isn’t always terrific about this, but looking at the list of credited, fixed security issues in its regular updates indicates it does accept and act on reports. In an update, he posted a feeble excuse about why he didn’t tell Apple first. ...However, some preliminary contact would have been nice to prevent tens of millions of Mac users from becoming targets before the full scope is understood and how easy it will be to exploit practically.

Wow, major cheap shot and Apple bootlicking. This guy finds something EVERYONE missed literally for decades, and HE'S the one endangering tens of millions of Mac users by notifying them of it without first notifying Apple? Oh yeah, because everything must go to corporate Massa first, and then that monolithic non-responsibility corporation will, of "it's" own initiative, when "it" decides to, without taking any responsibility and - heaven forbid - actually assigning any blame to any actual human beings, MAYBE let users know, depending on advice from its massive legal team.

And he even let Apple know that it's precisely BECAUSE of this imperious, calculated behavior multiple times in the past that he decided it could not be trusted with this information, for fear it would bury it.

So a little bootlicker writer is paid to claim that, AT THE SAME TIME, this investigator (not Apple, never Apple) endangered tens of millions of people by not kneeling first to Apple Corporate, over something Apple claims is actually no threat at all, nothing to see, move along, the odds are that the Great Pyramid will start flying around on its own before this flaw is ever exploited by anyone.

Both.

Thus, of course, proving Pedro Vilaca's point about how Apple covers its ass FIRST, and deals with any threats to users second.

3 posted on 06/04/2015 6:19:16 PM PDT by Talisker (One who commands, must obey.)


To: Talisker
Wow, major cheap shot and Apple bootlicking. This guy finds something EVERYONE missed literally for decades, and HE'S the one endangering tens of millions of Mac users by notifying them of it without first notifying Apple? Oh yeah, because everything must go to corporate Massa first, and then that monolithic non-responsibility corporation will, of "it's" own initiative, when "it" decides to, without taking any responsibility and - heaven forbid - actually assigning any blame to any actual human beings, MAYBE let users know, depending on advice from its massive legal team.

No, Talisker, you are wrong. The standard in the security industry is to inform the company who can fix the vulnerability before you publish the find so that hackers cannot do the very expensive damage they are noted for with a vulnerability that many of them are incapable of finding on their own. Vilaca broke the rules of proper behavior for such finds and those who published it did as well. The normal procedure is to give the publisher of the software approximately three months to address the issue before you go public with a zero-day vulnerability after you notify them. This asshat was in such a rush to announce it, he did not even bother to notify Apple before he made his presentation. . . no notice at all.

This means that there are millions of innocent people who could be hacked because he was arrogant. He IS the one who is endangering the tens of millions of users. Without him, this unfound vulnerability could have gone unfound for years more. . . or it could have been quietly fixed before the hacker community ever got wind of it and then announced, which is the normal way these vulnerabilities are handled. But NO, he had to have his fifteen minutes of notoriety instead of a footnote in security annals. He IS reprehensible.

7 posted on 06/04/2015 8:28:03 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)


