|
|
|
|
Apple Scammed Me
|
|
1 points
by opzz
1175 days ago
|
|
|
A couple of weeks ago I found what I considered to be a low level vulnerability in iMessage. You could clobber an iMessage that had been sent to you with your own custom message. There were no visual effects and it withstood context switches at the very least. I was modifying real memory in iMessage FROM THEIR GUI. In apple's defense I never bothered to hunt down how severe of a problem this was (ie was i overflowing a buffer or was the write controlled?). Regardless they at first struggled to reproduce the exploit. It got to a point where I had to generate a sysdiagnose for them. This was 8 days ago. They immediately patched it in Ventura 13.3 without a word about it or any credit for me. I'm younger (if you couldn't tell from my profile) and it would've meant a lot to me career wise as I work in RE/VR. I've seen much less severe things get designated CVEs. |
|
|
What do you think Apple should have done? Include your name in the release notes? And you think that would have helped your career?
If you want the fame/career marketing, write up the process by which you discovered the bug, the steps you needed to convince Apple it was a problem, and end with a note that it's fixed in Ventura 13.3. That's how people can get a sense of what you can do.
Do NOT imply that Apple scammed you. For one, it's not a scam - "cheated" might be an appropriate term, barely.
More importantly, if you need the career marketing then you'll want your future clients and employers to know that you aren't someone to go off half-cocked.