Westerhof reported the vulnerabilities he found to SMA but did not publicly release his methods, for fear that they might be misused)—and the manufacturer issued a statement saying it was aware of the flaws and working to correct them.
He said the company plans to report the vulnerabilities to its customers, described on its Web site as "major corporations in defense, technology, and finance" and government organizations "in need of specific tailored cybersecurity capabilities". But it isn't planning to immediately tell Apple how the hack works, although it may do so "later," he said.
As a result of our research, Onapsis reported the vulnerabilities that lead to almost 70% of the security patches that SAP released for its main component called SAP HANA.
A website called Smartphone Champ first reported the vulnerability.
If you become aware of a vulnerability involving an out-of-scope domain, it is still appropriate to report the vulnerability via this program, and the same safe harbor provisions apply to protect those who responsibly report.
The hacker has reported the vulnerability to Apple, and is withholding further information on how, exactly, to trigger it until the company rolls out a patch to affected users – refusing even to get into the source of the name, since that reveals information which could be used to replicate the attack.
Ryan said he reported the vulnerability to BrilliantTS, the manufacturer behind Fuze, but the company had not yet released a fix at the time of publication.
He reported the vulnerability to PayPal through their Bug Bounty Program at the end of March, but reached out to Duo Security when he hadn't received much response after a month.
The researchers reported the vulnerability to Tesla in 2017, and the company paid them a $10,000 bounty, but the company didn't fix it until June 2018.
I reported the vulnerability to Adobe through the Stanford Security Lab, but they didn't respond for a few weeks, so I decided to post about it on my blog.
