


Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved
According to news on August 22, network security expert Jeff Johnson reported an application management vulnerability discovered in the macOS system to Apple in October 2022. However, by August 2023, Apple still had not fixed the vulnerability. It is said that this vulnerability allows applications to bypass the operating system's sandbox protection, obtain the highest privileges, and modify other applications and obtain information without the user's permission. It is understood that Jeff Johnson A blog post was published on his personal blog in October last year, briefly mentioning five potential ways to exploit App management vulnerabilities, and hinting that a sixth way had been discovered. He also said that he reported the vulnerability to Apple immediately after discovering it and received a confirmation reply from Apple. However, the vulnerability has not yet been patched
#Jeff Johnson recently explained in detail how the vulnerability works on his blog. He detailed how an application could exploit this vulnerability to bypass the system's security restrictions and gain maximum privileges on the system in six different ways. This means attackers could make modifications to other applications and obtain sensitive information without the user's knowledge. Cybersecurity experts typically follow a disclosure process to safeguard the security industry. Generally speaking, once a vulnerability is discovered and reported to the manufacturer, researchers will give the manufacturer a certain amount of time to fix the vulnerability, usually 90 days. However, if the vulnerability is not resolved within this time, the researchers may make the details of the vulnerability public to alert users to the potential risk. According to reports, Jeff Johnson has given Apple enough time to fix the vulnerability, but it has still not been resolved.
Concerns about this matter are mainly focused on the security of the macOS system and user privacy protection. It also highlights the importance of collaboration between vendors and security researchers on vulnerability disclosure and resolution. For users, keeping the operating system and applications updated is an important step to reduce potential risks
Although Apple has not issued an official statement on the matter, this incident is another reminder that any system may face Cyber security issues. Promptly fixing vulnerabilities and paying close attention to the advice of security experts are key to keeping personal and institutional data safe
The above is the detailed content of Experts angrily criticize Apple: Vulnerabilities that have been exposed for a year have not yet been resolved. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

DeepSeek Smart AI Tool Download and Installation Guide (Apple Users) DeepSeek is a powerful AI tool. This article will guide Apple users how to download and install it. 1. Download and install steps: Open the AppStore app store and enter "DeepSeek" in the search bar. Carefully check the application name and developer information to ensure the correct version is downloaded. Click the "Get" button on the application details page. The first download may require AppleID password verification. After the download is completed, you can open it directly. 2. Registration process: Find the login/registration portal in the DeepSeek application. It is recommended to register with a mobile phone number. Enter your mobile phone number and receive the verification code. Check the user agreement,

Why can’t the Bybit exchange link be directly downloaded and installed? Bybit is a cryptocurrency exchange that provides trading services to users. The exchange's mobile apps cannot be downloaded directly through AppStore or GooglePlay for the following reasons: 1. App Store policy restricts Apple and Google from having strict requirements on the types of applications allowed in the app store. Cryptocurrency exchange applications often do not meet these requirements because they involve financial services and require specific regulations and security standards. 2. Laws and regulations Compliance In many countries, activities related to cryptocurrency transactions are regulated or restricted. To comply with these regulations, Bybit Application can only be used through official websites or other authorized channels

It is crucial to choose a formal channel to download the app and ensure the safety of your account.

The AI assistant "Doubao" launched by ByteDance, the parent company of TikTok, has attracted attention for its powerful generation capabilities. This guide provides simple steps to help you start your bean bag journey with ease. You can log in to Doubao through the web version (doubao.com) or Android App. You need to use your Douyin account for the first time. After logging in, you can try functions such as text creation, image generation, and voice interaction (Android App only) to explore the fun of AI creation.

This article will guide you in detail how to access the official website of Gate.io, switch Chinese language, register or log in to your account, as well as optional mobile app download and use procedures, helping you easily get started with the Gate.io exchange. For more tutorials on using Gate.io in Chinese, please continue reading.

Ouyi OKX is a world-leading cryptocurrency exchange that provides users with a safe and convenient trading experience. Users can download Ouyi OKX's mobile apps, including Android and Apple versions through official channels.

The official download steps of the Sesame Open Exchange app cover the Android and iOS system download process, as well as common problems solutions, helping you download safely and quickly and enable convenient transactions of cryptocurrencies.

Abstract: This article aims to guide users on how to install and register a virtual currency trading application on Apple devices. Apple has strict regulations on virtual currency applications, so users need to take special steps to complete the installation process. This article will elaborate on the steps required, including downloading the application, creating an account, and verifying your identity. Following this article's guide, users can easily set up a virtual currency trading app on their Apple devices and start trading.
