
  2. 2

    This is a really interesting analysis but - why put this much time and effort into volunteer work for a multi-billion-dollar for-profit company?

    To be clear, I think that it’s great that companies like Apple exist, and make gigantic profits for their owners while selling things customers want. This isn’t some sort of thinly-veiled anti-capitalism here.

    The thing that confuses me is why developers volunteer their time to help Apple, when there are countless free / open-source software projects that could equally benefit from such volunteer work? Bluntly, if Apple wants your time, they should be paying for it.

    1. 1

      After notifying Apple about the silent patch without credit, I sent them another email on July 8th, warning them about this article. Because they did not respond, I am making this post public. I have a couple more bugs on the shelf which I am considering writing about for educational purposes.

      I truly hope Apple changes the way they handle these kinds of bugs. In my opinion, the way they are managing such issues is a major reason why people contemplate selling vulnerabilities to third-party vendors like Zerodium.

      While I loved the tech. analysis of this bug, Apple’s communication practices really look like they’re not worth the effort.