Apple still under the gun at Black Hat

From the “you can run but you can’t hide” files:

LAS VEGAS. There is a lot of chatter out today about Apple canceling a pair of presentations at Black Hat. One of the sessions was supposed to be run by Apple staffers who were going to give an insider’s look at how Apple does security response.

Though that particular session isn’t on the Black Hat schedule (and hasn’t been for a few weeks), Apple isn’t necessarily off the hook at Black Hat.

Security researcher Petko Petkov, who is a well-known Apple vulnerability hunter, still has a scheduled talk, and as of 11:30 AM PT on Tuesday, August 5th, his talk hasn’t been canceled. According to the synopsis of his talk, he will be discussing “..numerous techniques for attacking Clients-side

Sounds painless enough. But there’s a catch. 

If Apple responds before the event, I will drop the details of a QuickTime
0day for Windows Vista and XP.

Knowing Petkov (mostly by reputation) and Apple (by trying to get comments from them on security stuff), I’d bet (this is Vegas after all) that whether or not Petkov discloses the QuickTime bug will come down to the wire (which is Wednesday afternoon PT). Even if he doesn’t actually disclose a proof of concept for his QuickTime zero day, having a researcher of Petkov’s caliber detail how he finds issues (he could easily just not name the company, though hint at it) is likely to be a real eye-opener.

So though Apple may have decided not to allow its own people to talk, that doesn’t mean that others won’t.

