A story in three parts 😶 #log4j
Disclaimer: I'm fairly sure I'm not the first one to have tried this but I flagged it with Apple's product security team either way. I'm sure they are busy enough patching their systems 😅

Dec 10, 2021 · 4:27 PM UTC · Twitter Web App

Disclaimer²: Normally I wouldn't share such vulns before the vendor has had a chance to mitigate. However, I chose differently in this case because 1) The issue is already very widespread 2) I likely wasn't the first one to tell Apple 3) It's a prime example of how deep this goes
Replying to @chvancooten
I don't get the 3rd screenshot.
Oh, the network details of the IPs that made the DNS requests...
Replying to @chvancooten
@chvancooten According to what we already know about how e.g. Apple deals with bug bounty payouts... And this is one of the biggest companies if we compare the purchasing power, I would do the same. For the reason that nothing has changed and Apple is fleecing their developers.
Replying to @chvancooten
Sorry, I'm too junior for this. How about the 2nd picture? How does that code work in the 2nd? Please explain in detail.