by Someone 26 days ago
Could be any (combination) of

- looking at components in isolation, not realizing that a component could receive untrusted input

- looking at the entire system, but not in a configuration that made the CVE possible

- having to be extremely lucky to find the issue through fuzzing, and Apple not hitting that jackpot

- having found the issue in testing, but incompletely/incorrectly fixing it

- mostly focusing testing on other components because this one’s code didn’t change and hadn’t seen issues in years

I don’t think we have enough info to know which (or something entirely different) it is.