[egwynn]

I can’t imagine why they would be. If I were them I’d be happy to have such a comprehensive pentesting resource to test against.

[freedomben]

Exactly. Project zero consists of some of the best security experts in the world. They also strictly practice responsible disclosure. I can't imagine why anybody would be mad to get such a great review and test for free, from such a great team.

[wyldfire]

I suppose he means the disclosure and not the testing itself.

> The vulnerabilities presented in this research are present in iOS up to (and including) version 10.3.3 (apart from #1, which was fixed in 10.3.3).

This seems like it's old enough that Apple probably doesn't mind anymore.

[reducesuffering]

Project Zero discloses the vulnerabilities to the affected 90 days before releasing to the public. It's probable that Apple was notified and patched this because of Project Zero. Once it's been patched or 90 days are up, then Project Zero discloses to the public.

[MBCook]

They mentioned it’s fixed in iOS 11 so all Apple has to do is tell people to update their devices (which they always push anyway).

It’s not like there is no fix for it.

[eisa01]

A lot of corporate customers have still not approved iOS for upgrades, so it's actually a big issue

[chatmasta]

Sounds like the corporation's problem, willingly ignoring security updates.

[alsetmusic]

> Sounds like the corporation's problem, willingly ignoring security updates.

A properly vetted update requires both compatibility testing and security testing. It would be irresponsible to push an OS update without verifying that it will not damage productivity or bring down defenses.

[alwillis]

iOS 11 Installed on 25% of Devices One Week After Launch--https://www.macrumors.com/2017/09/26/ios-11-one-week-25-perc...