Security Researcher Reveals iOS Security Flaw, Gets Developer License Revoked

[munkery]

It's true that most of the browsers you mentioned do require the ability to execute from memory. However, Charlie doesn't exploit the browser, he's exploiting the kernel/sandbox memory protection. That they use the same feature has no bearing on how vulnerable you are. Hence why your argument makes no sense.

In other words, whether or not said browsers are even installed has no effect on how vulnerable your system is.

UIWebView never supported Nitro because granting that support is granting the effects of this security bug to any App Store app.

How he bypassed the code signing was by tricking the OS into treating his app like it was the browser, which is able to run unsigned code but with some limitations.

Those limitation being that protected data entry and storage were not exposed by this vulnerability or the function of the browser.

So, the kernel wasn't being exploited in a way that allowed privilege escalation which is required to expose protected data entry and storage.

The banking trojans that have targeted Android include privilege escalation to expose protected data entry and storage.

 

[JAT]

From other threads I get the feeling that you hate Google.
Both cases these are Trojan horses to get into the first damage.
Apple for the most part i worry about more because well people get the very bad scene of security that nothing can go wrong and no trojans can get past Apple. Already know that can happen.

Aww, your concern for Apple product owners is so touching.

LOL, downvote away. Here, I added one just for fun.

 

[ucantgetridofme]

+1