| For what it's worth, the GitHub README.md calls it a Zero day, so they apparently didn't give Apple any heads up to prepare for the release of the exploit. While a same day/same week fix is ideal, 23 days isn't that bad given a QA cycle. Patches for Meltdown/Spectre are just still on their way out/not yet released for Microsoft's Server OSes, for a point of comparison [1]. I wish I could have found something newer, but according to Symantec the average resolution time found in their 2015 study was 69 days [2]. The last time Apple rushed a fix out... it didn't go so well [3]. Now, while I'm waxing poetic, I may as well frighten you with a recent RAND Corp study about how long Zero Days can be known privately before being publicly disclosed [4]. It also doesn't take too long to weaponize them [5]. This stuff sucks and is really nerve-racking for anyone involved in security even tangentially. It's really easy to criticize, but I guarantee that anyone on Hacker News who has written any meaningful software has released a security flaw. If you think you haven't, you're absolutely kidding yourself and should reevaluate your stance. [1] https://social.technet.microsoft.com/Forums/windowsserver/en... [2] https://www.symantec.com/connect/blogs/guide-zero-day-exploi... [3] https://nakedsecurity.sophos.com/2017/11/30/apples-blank-roo... [4] https://www.rand.org/news/press/2017/03/09.html [5] https://securityintelligence.com/news/zero-day-research-time... |