Apple - How can I report security vulnerabilities for open source OSX applications?

You can contact Apple about this at [email protected] (or you can open a Radar report if you're a developer), or you contact the maintainer of the package.
Often the mail addresses can be found in the README (or AUTHORS) of the source code, or on the project's website.

Yes - both Apple (specifically) and the open source developers (in general) do reference CVE in patch and security emails and participate using that mechanism for tracking reported vulnerabilities.


Apples official security posture is Apple Product Security.

But I would say that your best bet would be to submit vulnerabilities via the Apple Bug Reporter and their product-security email address . Additionally, if the part with the vulnerability is an open-source project, you should also notify the open source project as well.

Tags:

Macos

Security

Open Source

Bug

Related

Apple - Where are Microsoft Office for Mac My Templates stored? Apple - Share internet connection from a PC to an iPhone through the USB cable Apple - Where are System Preferences settings stored? Trying to script equal brightness settings for two monitors Apple - Choosing the default application does not stay as default after reboot Apple - How do you type a true minus sign (not a hyphen) on a Mac? Apple - Automatically scan/cycle through safari tabs? Apple - Can I view system stats in the Terminal? Apple - Is it possible to disable auto mount of external devices? Apple - Can I lower the minimum volume on my Mac? Apple - Is there a way to auto-complete the open command in Terminal? Apple - What should I do when the menu bar seems frozen/unresponsive? Apple - Can my Macbook Pro's display receive inputs from other sources?

Recent Posts