Apple is a mega corporation that nearly smashed the reputation of two individuals with bogus claims of fraud. It didn’t matter that they weren’t the ones pulling the trigger because they were pulling all the strings. . . .
So what was the end result of all this? Apple continued to claim that there were no vulnerabilities in Mac OS X, but came a month later and patched its wireless drivers (presumably for vulnerabilities that didn’t actually exist). Apple patched these “nonexistent vulnerabilities” but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple’s behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The result was that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007, including last week’s megapatch of 45 vulnerabilities.
Example of corporate abuse
: Apple misleads the public about a vulnerability in their operating system. Apple blames the researcher community, which revealed the vulnerability but did not cause it. Apple carefully orchestrates a smear campaign to make the public believe that the Mac OS is not vulnerable and that the researchers are malicious.
Example of public repercussions
: The larger researcher community strikes back by demonstrating other ways the Apple OS is vulnerable. Apple needs to release 62 patches from January to March 2007 before the demonstration is over. But the greater public still believes that the researchers who identified the vulnerability caused it.
: If a being or organization is willing to lie to the public and also to launch a full-out public relations campaign selling that lie to the public, the likelihood that the public will believe the lie is great. There exist plenty of historical examples where the public has been misled by sophisticated public relations campaigns.