Stop trying to force catchy names, researchers.
From someone who works regularly with vulnerability management, it’s actually needed.
Vulnerabilities have really boring numbers and it’s difficult for humans to discuss them in a meaningful way. I believe the first vulnerability to get a “name” was heartbleed, the theory being that with a name people would take it seriously and discuss it properly. Given the severity of this vulnerability, it probably got a name but since it’s being patched by the vendors affected, it was probably not needed.
Heartbleed was needed because individual web sites had to update their software immediately or have their traffic intercepted.
kiwifoxtrot@lemmy.world 1 year ago
The exploit works on sny browser on an iPhone or iPad…
fiat_lux@kbin.social 1 year ago
Because Apple are pieces of shit which force Safari to underpin any Web interaction on those devices, which wouldn't be such a problem if mobile Safari were worth a damn.
But you're right and it's a valid point. I did miss that sentence on initial read and had forgotten about that problem. Thanks for the reminder!
tsonfeir@lemm.ee 1 year ago
It also said this hasn’t actually ever been exploited. So, looks like they’ll collect the bounty and move on. Bugs are bugs.
fiat_lux@kbin.social 1 year ago
Cha-ching! Good for those researchers, get that bag. It's much better than finding out the other way.
I'm still not calling it iLeakage though. They'll have to make do with the well-deserved cash.