A not fun fact: I didn't get a security bounty for a macOS release that was done specifically to address an issue I found.
https://mjtsai.com/blog/2024/05/14/no-bounty-for-kernel-vulnerability/
The rational was that I disclosed the issue publicly. Which I did after reporting it in the beta releases, and after they said “we're unable to identify an issue in your report”, AND AFTER THEY RELEASED THE FUCKING VULNERABILITY.
https://mastodon.social/@chockenberry/111580066311950281
I have no energy/desire to argue with Apple, but this ain't a good look for a $3T company.
Craig Hockenberry /
npub19y…56avn
2024-05-14 22:41:06
Author Public Key
npub19yc04xlts67rk2l0dv74w4hgeexx0p23jnf9eh3xjlc75mhukn2sf56avnPublished at
2024-05-14 22:41:06Event JSON
{
"id": "2f346c59f562ea9e1049b1488b0eb1b03b1fd2841bc8e00bb1a3ad9ae8aa80b2",
"pubkey": "2930fa9beb86bc3b2bef6b3d5756e8ce4c67855194d25cde2697f1ea6efcb4d5",
"created_at": 1715726466,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/@chockenberry/112441849676833523",
"web"
],
[
"proxy",
"https://mastodon.social/users/chockenberry/statuses/112441849676833523",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/chockenberry/statuses/112441849676833523",
"pink.momostr"
]
],
"content": "A not fun fact: I didn't get a security bounty for a macOS release that was done specifically to address an issue I found.\n\nhttps://mjtsai.com/blog/2024/05/14/no-bounty-for-kernel-vulnerability/\n\nThe rational was that I disclosed the issue publicly. Which I did after reporting it in the beta releases, and after they said “we're unable to identify an issue in your report”, AND AFTER THEY RELEASED THE FUCKING VULNERABILITY.\n\nhttps://mastodon.social/@chockenberry/111580066311950281\n\nI have no energy/desire to argue with Apple, but this ain't a good look for a $3T company.",
"sig": "b8c7889be0a59f880243d4263f6c1afc3b6f00a611dfbd59a845a00606aebedb0acd77da22f9015378c8fda9dc82a2acbc357113fb5a59315cc16c018f8409f9"
}