Apple Employee Discovers Vulnerability in Chrome, Fails to Report

Error Discovered in March 2023 by SEAR Team

The error was discovered in March 2023 by the Security Engineering and Architecture (SEAR) team. However, the team did not immediately notify the appropriate individual about this error. Instead, another member of the CTF group, who was not even part of the team that discovered the error, made the announcement.

User Gallileo Publishes Own Version on Discord

On July 6, a user with the nickname Gallileo, who claimed to be an Apple employee, posted their own version of this story on the Discord channel. According to Gallileo, it took them two weeks to identify the main cause of the error and develop a solution.

Exploits and the Exploit-A-A-Service Scheme

Exploits are typically classified and referred to based on the following criteria: the type of vulnerability exploited, whether they are executed locally or remotely, and the consequences of the exploit (e.g., EOP, DOS, Spulping). One of the schemes that offer zero-day exploits is named Exploit-A-A-Service.

/Reports, release notes, official announcements.