Security Researchers Don't Owe Companies Anything

#1 Blake

Posted 30 May 2008 - 04:07 AM

Tag: Apple Exploits
For those who have not been keeping up on the security world tabloids, Core Security had discovered vulnerabilities in Apple's iCal application. Apple disagreed with them about the seriousness of the vulnerabilities. At this time some people believe Core Security released a separate, more serious vulnerability before Apple had the time to fix it, as a statement to Apple. Obviously the motives behind the release are pure speculation, but let's think of a different side to this argument. Who cares? When did it become the responsibility of the security researchers to control the release of the exploits?

Apple has its own security team internal to the organization. Unfortunately they are unable to catch all of the flaws within their software. Security researchers, both amateur and professional, provide a service to those organizations by discovering the exploits and releasing them publicly. Any notification they give the company is purely a courtesy. The software companies need to treat them as such, and work with them. If they are unhappy with dealing with the external security community, maybe they should have tighter controls internally.

Now I know I am going to receive some flames about how Core Security is just looking for headlines. Well, my opinion is good for them, it is their business. Did you think the security community is a charity business?

Reference: Insanely Great