Finally credit from Apple Product Security

February 18, 2019

By Jeff Johnson

Good news, everyone! I finally got proper credit from Apple Product Security for the Mojave privacy protections bypass that was fixed in macOS 10.14.1 back on October 30, 2018. The Apple support page describing the security content of macOS Mojave 10.14.1 was updated on February 15, 2019 with my new CVE-2018-4468.

I complained on February 8 that I hadn't received any credit, which immediately resulted in partial but inaccurate credit. I'm not convinced that the latest "Description" for my Automator issue is accurate — I suspect that it was simply copied from the Dock issue for which I was improperly credited — but I've got my own entry with CVE now, and that may be the best I'll ever get.

This was actually my second CVE. My first was CVE-2010-3813. By the way, compare the Description of the old CVE to the new CVE and see how much more, um, descriptive the older Description was.

There may be another CVE soon! Stay tuned.