this post was submitted on 18 Nov 2023
2 points (100.0% liked)

Apple

69 readers
11 users here now

A place for Apple news, rumors, and discussions.

founded 1 year ago
MODERATORS
 

In August, I submitted a security report via the ASR(Apple Security Research Project). The report involves a vulnerability exploitable by malicious actors, potentially granting unauthorized access to Apple ID accounts.

On Aug 31, the Apple security team validated my report, Asking me to keep conversations confidential. They confirmed the issue's resolution through a system change. Apple asked me to evaluate whether their fix worked and said it would give me credit and other potential rewards when I evaluated and confirmed the problem was resolved.

After I made the vulnerability assessment and confirmation, I heard nothing back. Until recently, I was informed that I was ineligible for credit or other recognition because Apple obtained the vulnerability from other sources.

When I pointed out their previous commitment and their specific policies, Apple modified our conversation record and webpage Fine Print, pretending It was me who hadn't read it carefully.

https://imgur.com/a/N9cX3oH

This can be verified via the Wayback machine.

(Part of the image has been redacted because Apple still considers it confidential)

you are viewing a single comment's thread
view the rest of the comments
[–] HomerMadeMeDoIt@alien.top 2 points 1 year ago (4 children)

Delete this post now. Go talk to a pro bono lawyer.

[–] wsal32@alien.top 1 points 1 year ago (3 children)

Thank you for your advice. I will try to find legal assistance, but this post may be my only way to get a response from Apple.

[–] Certain-Breath-8245@alien.top 1 points 1 year ago

No. The only way is the legal way. You DON'T want internet attention.

load more comments (2 replies)
load more comments (2 replies)