Google 's Project Zero has again called Apple out for silently patching Vulnerability-related.PatchVulnerability flaws . Apple has secretly patched Vulnerability-related.PatchVulnerability a bunch of high-severity bugs reported Vulnerability-related.DiscoverVulnerability to it by Google 's Project Zero researchers . The move has resulted in Google 's Project Zero once again calling Apple out for fixing Vulnerability-related.PatchVulnerability iOS and macOS security flaws without documenting them in public security advisories . While it 's good news that Apple beat Project Zero 's 90-day deadline for patching Vulnerability-related.PatchVulnerability or disclosing Vulnerability-related.DiscoverVulnerability the bugs it finds Vulnerability-related.DiscoverVulnerability , the group 's Ivan Fratric recently argued that the practice endangered users by not fully informing them why an update should be installed . This time the criticism comes from Project Zero 's Ian Beer , who 's been credited by Apple with finding Vulnerability-related.DiscoverVulnerability dozens of serious security flaws in iOS and macOS over the years . Beer posted Vulnerability-related.DiscoverVulnerability a blog about several vulnerabilities in iOS 7 he found Vulnerability-related.DiscoverVulnerability in 2014 that share commonalities with several bugs he has found Vulnerability-related.DiscoverVulnerability in iOS 11.4.1 , some of which he 's now released exploits for . Beer notes Vulnerability-related.DiscoverVulnerability that none of the latest issues is mentioned in the iOS 12 security bulletin even though Apple did fix Vulnerability-related.PatchVulnerability them . The absence of information about them is a `` disincentive '' for iOS users to patch Vulnerability-related.PatchVulnerability , Beer argues . `` Apple are still yet to assign CVEs Vulnerability-related.DiscoverVulnerability for these issues or publicly acknowledge that they were fixed Vulnerability-related.PatchVulnerability in iOS 12 , '' wrote Beer . `` In my opinion a security bulletin should mention the security bugs that were fixed Vulnerability-related.PatchVulnerability . Not doing so provides a disincentive for people to update Vulnerability-related.PatchVulnerability their devices since it appears that there were fewer security fixes than there really were . '' In other instances , such as one macOS bug Beer reported Vulnerability-related.DiscoverVulnerability , Apple did actually assign a CVE Vulnerability-related.DiscoverVulnerability , but it still hasn't updated Vulnerability-related.PatchVulnerability the relevant security bulletin to reflect the fix . Apple similarly allocated Vulnerability-related.DiscoverVulnerability CVE-2018-4337 to another high-severity iOS bug , which was fixed Vulnerability-related.PatchVulnerability in iOS 12 , but is n't currently acknowledged Vulnerability-related.DiscoverVulnerability in the iOS 12 security bulletin . In another case , Apple fixed Vulnerability-related.PatchVulnerability a bug that affected Vulnerability-related.DiscoverVulnerability iOS and macOS but didn't assign Vulnerability-related.DiscoverVulnerability a CVE or mention it in the security bulletins . Not only may it be a disincentive for end-users to patch Vulnerability-related.PatchVulnerability iPhones and Macs , but Beer also points out Vulnerability-related.DiscoverVulnerability in another bug report that the lack of public acknowledgement Vulnerability-related.DiscoverVulnerability by Apple means he has no way of knowing whether the issue is a duplicate that another researcher may have already found Vulnerability-related.DiscoverVulnerability . As he notes Vulnerability-related.DiscoverVulnerability in the blog , many of the bugs he has found Vulnerability-related.DiscoverVulnerability in iOS are very similar or the same as bugs found Vulnerability-related.DiscoverVulnerability by noted jailbreaking hackers Pangu Team .