Danish security firm Secunia has published information on two unpatched vulnerabilities in Apple’s Safari 5 browser on Friday, after the consumer-technology firm allegedly failed to provide status updates on the patch process, reports “InfoWorld” (http://macte.ch/6O6wT).
Secunia reported the two vulnerabilities — one of which could result in remote exploitation of a user’s machine under certain circumstances — to Apple more than six months ago, Secunia says. You can read more at http://secunia.com/blog/310/ .
“In this specific case, Apple had six months to look into the coordinated vulnerability – and 8.5 months looking into another Safari vulnerability also published this week,” Secunia sys. “As both vulnerabilities were subject to our old disclosure policy, Apple had up to one year to issue fixes as long as they could provide proper status updates. Our new disclosure policy published in 2012 provides a six-month semi-hard deadline.”