Security News > 2020 > August > Safari Bug Revealed After Apple Takes Nearly a Year to Patch

A security researcher disclosed details of an Apple Safari web browser security hole that could leak files with other browsers and applications and open the door to exploitation by attackers.

The disclosure came only after Apple said it would delay patching the vulnerability for nearly a year.

After much back and forth, earlier this month Apple said it would address the issue in the Spring 2021 update to Safari, which would be nearly a year after the issue was reported.

The disclosure shows the ongoing tension between Apple and security researchers, which many thought was on its way to being solved when the company finally opened its bug bounty program to the public in December 2019, a move announced four months before at Black Hat in August.

Now researchers can receive up to $1 million for the most critical of zero-day flaws on its latest hardware, and between $25,000 to $500,000 for discovering vulnerabilities in range of other products, including Macs, iPhone and iPad, and Apple TV. Even after the changes some notable researchers, including Google's Project Zero Ian Beer-known for discovering a number of zero-day iOS flaws-balked at participating in the Apple bug bounty program.

News URL

https://threatpost.com/safari-bug-revealed-after-apple-takes-nearly-a-year-to-patch/158612/