[AzzyHN]

It sure is a good thing that Apple has fixed all these, and has put out patches for all effected versions, since they care about their users' privacy, right? Right?

I know Apple has now switched to 10 years for MacOS, and 7ish years of iOS, but I hope the EU passes some laws to make this a requirement, rather than something a company can choose to provide or not.

[anamexis]

Yes? As the OP states:

2022–08–08: Arbitrary file write and delete in Calendar sandbox reported

2022–10–24: (No CVE) fixed in macOS Monterey 12.6.1 and Ventura 13 (Ventura beta3 was vulnerable)

[astrange]

https://digital-strategy.ec.europa.eu/en/policies/cyber-resi...

One thing I think you won't like about this is that it's easier for large commercial vendors to comply than it is for open source projects.

[Avamander]

Apple can increase those times because that's how long it'll take them to patch issues like these.