Technology peripherals
It Industry
Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved
Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved
According to news on August 22, network security expert Jeff Johnson reported an application management vulnerability discovered in the macOS system to Apple in October 2022. However, by August 2023, Apple still had not fixed the vulnerability. It is said that this vulnerability allows applications to bypass the operating system's sandbox protection, obtain the highest privileges, and modify other applications and obtain information without the user's permission. It is understood that Jeff Johnson A blog post was published on his personal blog in October last year, briefly mentioning five potential ways to exploit App management vulnerabilities, and hinting that a sixth way had been discovered. He also said that he reported the vulnerability to Apple immediately after discovering it and received a confirmation reply from Apple. However, the vulnerability has not yet been patched
#Jeff Johnson recently explained in detail how the vulnerability works on his blog. He detailed how an application could exploit this vulnerability to bypass the system's security restrictions and gain maximum privileges on the system in six different ways. This means attackers could make modifications to other applications and obtain sensitive information without the user's knowledge. Cybersecurity experts typically follow a disclosure process to safeguard the security industry. Generally speaking, once a vulnerability is discovered and reported to the manufacturer, researchers will give the manufacturer a certain amount of time to fix the vulnerability, usually 90 days. However, if the vulnerability is not resolved within this time, the researchers may make the details of the vulnerability public to alert users to the potential risk. According to reports, Jeff Johnson has given Apple enough time to fix the vulnerability, but it has still not been resolved.
Concerns about this matter are mainly focused on the security of the macOS system and user privacy protection. It also highlights the importance of collaboration between vendors and security researchers on vulnerability disclosure and resolution. For users, keeping the operating system and applications updated is an important step to reduce potential risks
Although Apple has not issued an official statement on the matter, this incident is another reminder that any system may face Cyber security issues. Promptly fixing vulnerabilities and paying close attention to the advice of security experts are key to keeping personal and institutional data safe
The above is the detailed content of Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
deepseek ios version download and installation tutorial
Feb 19, 2025 pm 04:00 PM
DeepSeek Smart AI Tool Download and Installation Guide (Apple Users) DeepSeek is a powerful AI tool. This article will guide Apple users how to download and install it. 1. Download and install steps: Open the AppStore app store and enter "DeepSeek" in the search bar. Carefully check the application name and developer information to ensure the correct version is downloaded. Click the "Get" button on the application details page. The first download may require AppleID password verification. After the download is completed, you can open it directly. 2. Registration process: Find the login/registration portal in the DeepSeek application. It is recommended to register with a mobile phone number. Enter your mobile phone number and receive the verification code. Check the user agreement,
Why can't the Bybit exchange link be directly downloaded and installed?
Feb 21, 2025 pm 10:57 PM
Why can’t the Bybit exchange link be directly downloaded and installed? Bybit is a cryptocurrency exchange that provides trading services to users. The exchange's mobile apps cannot be downloaded directly through AppStore or GooglePlay for the following reasons: 1. App Store policy restricts Apple and Google from having strict requirements on the types of applications allowed in the app store. Cryptocurrency exchange applications often do not meet these requirements because they involve financial services and require specific regulations and security standards. 2. Laws and regulations Compliance In many countries, activities related to cryptocurrency transactions are regulated or restricted. To comply with these regulations, Bybit Application can only be used through official websites or other authorized channels
Sesame Open Door Trading Platform Download Mobile Version Gateio Trading Platform Download Address
Feb 28, 2025 am 10:51 AM
It is crucial to choose a formal channel to download the app and ensure the safety of your account.
gate.io sesame door download Chinese tutorial
Feb 28, 2025 am 10:54 AM
This article will guide you in detail how to access the official website of Gate.io, switch Chinese language, register or log in to your account, as well as optional mobile app download and use procedures, helping you easily get started with the Gate.io exchange. For more tutorials on using Gate.io in Chinese, please continue reading.
Sesame Open Door Exchange App Official Download Sesame Open Door Exchange Official Download
Mar 04, 2025 pm 11:54 PM
The official download steps of the Sesame Open Exchange app cover the Android and iOS system download process, as well as common problems solutions, helping you download safely and quickly and enable convenient transactions of cryptocurrencies.
Is there any mobile app that can convert XML into PDF?
Apr 02, 2025 pm 08:54 PM
An application that converts XML directly to PDF cannot be found because they are two fundamentally different formats. XML is used to store data, while PDF is used to display documents. To complete the transformation, you can use programming languages and libraries such as Python and ReportLab to parse XML data and generate PDF documents.
Compilation and installation of Redis on Apple M1 chip Mac failed. How to troubleshoot PHP7.3 compilation errors?
Mar 31, 2025 pm 11:39 PM
Problems and solutions encountered when compiling and installing Redis on Apple M1 chip Mac, many users may...
How to download gate exchange Apple mobile phone Gate.io Apple mobile phone download guide
Mar 04, 2025 pm 09:51 PM
Gate.io Apple mobile phone download guide: 1. Visit the official Gate.io website; 2. Click "Use Apps"; 3. Select "App"; 4. Download the App Store; 5. Install and allow permissions; 6. Register or log in; 7. Complete KYC verification; 8. Deposit; 9. Transaction of cryptocurrency; 10. Withdrawal.
