On May 29, 2012, at 7:17 AM, Mikkel Islay wrote: > Shipley argues from the pretense that App Sandboxing is a technology intended > to shield the user form the intentions of the software developer. That is of > course not the case. From the docs: "App Sandbox provides a last line of > defense against stolen, corrupted, or deleted user data if malicious code > exploits your app." > Of course App Sandboxing will have bugs, and no doubt someone might write an > arbitrarily sophisticated malware app which could make it past the review, > but is that an argument against sandboxing? It is intended to secure apps > (and users) after deployment. Recently someone posted a link to a blogpost, > describing manipulation of the ObjC-runtime to attack third-party apps on > compromised iOS-devices. App sandboxing is meant to limit the effectiveness > of that type of attack on OS X. Is that a important or credible type of > attack on OS X? Shipley's arguments all but ignores that question.
It sounds like sandboxing would limit its effectiveness, but the fact that Apple is not sandboxing the majority of its own apps means there are still lots of opportunities for this kind of attack. Best, __jayson Circus Ponies NoteBook - Introducing An App That Boosts Your Productivity at Work or School, So You Get The Grades, Raises and Promotions You Want. www.circusponies.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
