[tzs]

> People were talking about this weeks ago on the Apple Forums, as a "neat trick"

Aren't Apple forums mostly meant as self-help forums, with minimal monitoring by Apple?

It looks like one person posted it two weeks ago, not as a bug or security problem but as a solution to the problem that the original poster had, not realizing it was a bug. People didn't seem to notice it and start talking about it there until yesterday.

I would guess that any developers at Apple that check the developer forums just look at the first post to see what problems people are reporting, and a few of the replies to see if others are seeing the problem and see what workarounds people have found.

In this particular thread that first post was in June, and by early July someone had posted a fix. Some people had trouble with that and someone posted a more detailed fix in the middle of October.

I doubt any developers would be still following that thread on November 13th, when the root bug was posted.

As far as moderators go, I'd expect that they just skim the posts to make sure they don't violate any major rules.

[roblabla]

On one part, I agree. On another, Average DevJoe on the Apple dev forums knew about it two weeks ago. It's scary to think about how many bad actors have known about it, and might have weaponized it given it is wormable, during that timeframe.

[techstrategist]

I agree with you, but I'm also curious if the techniques that are making progress in other areas (e.g. machine learning) could be used to extract meaningful data from these forums. Most bugs won't be as obvious as "login as root without password" but I imagine there is substantial signal within the noise.