

“This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022,” the Google employee wrote.

After this story first published, TechCrunch viewed a Discord channel where someone claiming to be the Apple employee who originally found the zero-day explained their side of the story, particularly the reason why they didn’t report the bug immediately, in response to Sisu, the person who reported the bug to Google.

The bug was instead reported by someone else who also participated in the competition, didn’t actually find the bug themselves and wasn’t even on the team that found the bug. But that Apple employee did not immediately report the bug, which at the time was a zero-day - meaning Google wasn’t aware of the bug and no patch had been issued yet. While the bug itself is not newsworthy, the circumstances of how this bug was found and reported to Google are, to say the least, peculiar.

According to a Google employee, the bug was originally found by an Apple employee who was participating in a Capture The Flag (CTF) hacking competition in March.

Google fixed a zero-day in Chrome that was found by an Apple employee, according to comments in the official bug report.
