Technology peripherals
It Industry
Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved
Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved
According to news on August 22, network security expert Jeff Johnson reported an application management vulnerability discovered in the macOS system to Apple in October 2022. However, by August 2023, Apple still had not fixed the vulnerability. It is said that this vulnerability allows applications to bypass the operating system's sandbox protection, obtain the highest privileges, and modify other applications and obtain information without the user's permission. It is understood that Jeff Johnson A blog post was published on his personal blog in October last year, briefly mentioning five potential ways to exploit App management vulnerabilities, and hinting that a sixth way had been discovered. He also said that he reported the vulnerability to Apple immediately after discovering it and received a confirmation reply from Apple. However, the vulnerability has not yet been patched
#Jeff Johnson recently explained in detail how the vulnerability works on his blog. He detailed how an application could exploit this vulnerability to bypass the system's security restrictions and gain maximum privileges on the system in six different ways. This means attackers could make modifications to other applications and obtain sensitive information without the user's knowledge. Cybersecurity experts typically follow a disclosure process to safeguard the security industry. Generally speaking, once a vulnerability is discovered and reported to the manufacturer, researchers will give the manufacturer a certain amount of time to fix the vulnerability, usually 90 days. However, if the vulnerability is not resolved within this time, the researchers may make the details of the vulnerability public to alert users to the potential risk. According to reports, Jeff Johnson has given Apple enough time to fix the vulnerability, but it has still not been resolved.
Concerns about this matter are mainly focused on the security of the macOS system and user privacy protection. It also highlights the importance of collaboration between vendors and security researchers on vulnerability disclosure and resolution. For users, keeping the operating system and applications updated is an important step to reduce potential risks
Although Apple has not issued an official statement on the matter, this incident is another reminder that any system may face Cyber security issues. Promptly fixing vulnerabilities and paying close attention to the advice of security experts are key to keeping personal and institutional data safe
The above is the detailed content of Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
deepseek ios version download and installation tutorial
Feb 19, 2025 pm 04:00 PM
DeepSeek Smart AI Tool Download and Installation Guide (Apple Users) DeepSeek is a powerful AI tool. This article will guide Apple users how to download and install it. 1. Download and install steps: Open the AppStore app store and enter "DeepSeek" in the search bar. Carefully check the application name and developer information to ensure the correct version is downloaded. Click the "Get" button on the application details page. The first download may require AppleID password verification. After the download is completed, you can open it directly. 2. Registration process: Find the login/registration portal in the DeepSeek application. It is recommended to register with a mobile phone number. Enter your mobile phone number and receive the verification code. Check the user agreement,
Why can't the Bybit exchange link be directly downloaded and installed?
Feb 21, 2025 pm 10:57 PM
Why can’t the Bybit exchange link be directly downloaded and installed? Bybit is a cryptocurrency exchange that provides trading services to users. The exchange's mobile apps cannot be downloaded directly through AppStore or GooglePlay for the following reasons: 1. App Store policy restricts Apple and Google from having strict requirements on the types of applications allowed in the app store. Cryptocurrency exchange applications often do not meet these requirements because they involve financial services and require specific regulations and security standards. 2. Laws and regulations Compliance In many countries, activities related to cryptocurrency transactions are regulated or restricted. To comply with these regulations, Bybit Application can only be used through official websites or other authorized channels
Sesame Open Door Trading Platform Download Mobile Version Gateio Trading Platform Download Address
Feb 28, 2025 am 10:51 AM
It is crucial to choose a formal channel to download the app and ensure the safety of your account.
How to enable Douyin's beanbao function
Nov 28, 2024 pm 07:39 PM
The AI assistant "Doubao" launched by ByteDance, the parent company of TikTok, has attracted attention for its powerful generation capabilities. This guide provides simple steps to help you start your bean bag journey with ease. You can log in to Doubao through the web version (doubao.com) or Android App. You need to use your Douyin account for the first time. After logging in, you can try functions such as text creation, image generation, and voice interaction (Android App only) to explore the fun of AI creation.
gate.io sesame door download Chinese tutorial
Feb 28, 2025 am 10:54 AM
This article will guide you in detail how to access the official website of Gate.io, switch Chinese language, register or log in to your account, as well as optional mobile app download and use procedures, helping you easily get started with the Gate.io exchange. For more tutorials on using Gate.io in Chinese, please continue reading.
How to find the download link of Ouyi okx Android and Apple
Feb 21, 2025 pm 05:39 PM
Ouyi OKX is a world-leading cryptocurrency exchange that provides users with a safe and convenient trading experience. Users can download Ouyi OKX's mobile apps, including Android and Apple versions through official channels.
Sesame Open Door Exchange App Official Download Sesame Open Door Exchange Official Download
Mar 04, 2025 pm 11:54 PM
The official download steps of the Sesame Open Exchange app cover the Android and iOS system download process, as well as common problems solutions, helping you download safely and quickly and enable convenient transactions of cryptocurrencies.
How to install and register an app for buying virtual coins?
Feb 21, 2025 pm 06:00 PM
Abstract: This article aims to guide users on how to install and register a virtual currency trading application on Apple devices. Apple has strict regulations on virtual currency applications, so users need to take special steps to complete the installation process. This article will elaborate on the steps required, including downloading the application, creating an account, and verifying your identity. Following this article's guide, users can easily set up a virtual currency trading app on their Apple devices and start trading.
