Maynor reveals missing Apple flaw
At last year’s Black Hat convention security researcher David Maynor gave a short video presentation in lieu of an actual exploit demo. The video is deceptive because Maynor claims to be using a 3rd party card, but the Macbook he claimed to be using it on had no place to plug it in. Many took this to mean that the entire presentation was a fraud, without reading between the lines. Maynor has now revealed details he was previously under legal pressure to keep to himself. These details now reveal that even though the flaw was in a 3rd party driver, Apple still pressured Maynor to keep it quiet. Apple later fixed the flaw, but did not give Maynor or his colleague Jon Ellch credit. Apple even went so far as to craft a blog entry intended to be posted by Maynor disclaiming any possible threat to Apple laptops. Maynor is now at a new company and has vowed not to inform Apple of any new flaws he finds. Apple needs to learn an important lesson here. Pushing researchers away only ends up hurting you as your source of information dries up.