1 article
Apple updated multiple security pages on 26 May to add CVE identifiers and technical details for vulnerabilities that were patched weeks or months earlier with minimal public disclosure. The retroactively disclosed issues include a CoreServices root escalation via malicious app, a Siri Private Browsing bypass, and a call history fingerprinting flaw — none were disclosed as separate security updates at the time of patching.
Apple routinely patches vulnerabilities without disclosing CVE IDs, adding them retroactively weeks later. This is criticised as a transparency failure. But Apple is not uniquely bad at this — it is doing what the industry's incentive structure rewards.
CipherWatch Editorial
Security Intelligence Platform