Apple Security “blog”

“It’s a trick. It’s not dead. Get an axe.”

Apple yet again unleashes “a blog” to “address the community”, Apple Security this time. … I can’t recall what the title of the last one was, it lasted like 2 posts a few years back. Same pattern:

  • No author names
  • No RSS
  • No comments
  • No way to send feedback at all, even to their ghost town forums.

First post is a long, rambling dissection of a new kernel malloc, maybe reducing the memory access errors that keep giving h4xx0rz 0-days into Apple gear. No actionable content; it’s for them to say they’re doing something, not you to improve your code.

Second is an update claiming now they’re gonna actually pay out bug bounties, even tho it’s been a nightmare to extract a red cent from them in the past, honest kick the ball this time for sure, Charlie Brown.

Zero trust in this meaning anything. I bet Grubs fellates this like the second coming of WWDC.