Apple remains silent

Having recently ruffled Microsoft’s feathers by (responsibly) disclosing three unpatched vulnerabilities in Windows to the general public, Google’s Project Zero team has now turned its attention to the other side of the PC-Mac divide. The outfit recently spilled the beans on three zero-day vulnerabilities in Apple’s OS X operating system.

It is not that Google’s bug hunters have trained their guns on OS X all of a sudden, as part of some sort of balancing act. The Project Zero team privately notified Apple about the three bugs in October and, as is its standard operating procedure, gave the latter 90 disclosure-free days in each case to come up with a fix. The 90-day responsible disclosure deadline in each of the three cases expired earlier this week and as a result the vulnerabilities are now out in the open.
Unlike Microsoft, Apple hasn’t uttered a single word on the whole issue. This probably owes to the fact that the company has already fixed the bugs. According to iMore, all the vulnerabilities in question have already been fixed and the patches are part of OS X 10.10.2, which is currently in beta.
Do you think Microsoft should take a leaf out of Apple’s book and just concentrate on fixing bugs, or do you agree with the former that Google’s refusal to extend the disclosure deadline “feels less like principles and more like a 'gotcha'”? Or are you one of those people who would like Google — a company that has chosen to leave 60 percent of all Android users to twist in the wind by refusing to fix a bug in the default Android browser — to focus on plugging holes in its own products with the same zeal with which it adheres to the disclosure deadlines?
Follow Pulkit on Google+



More...