> On Jun 24, 2016, at 3:54 PM, Quincey Morris > <quinceymor...@rivergatesoftware.com> wrote: > > 1. [Security] Being able to select an arbitrary file programmatically might > lead to spearphishing exploits, where the user is tricked into opening a file > that is otherwise inaccessible from code in the sandbox.
How could this be a security threat, when a malicious program could just set canChooseDirectories to true, open the panel to the app’s parent directory, and spearphish the user into clicking OK on that? Making it not work with app bundles doesn’t seem to introduce any loopholes that aren’t there already. Charles _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
