On Aug 22, 2012, at 4:37 PM, Graham Cox <[email protected]> wrote:
> Where life is made difficult is with more general access to the file system,
> which is a perfectly legitimate thing to do. A user stores various media all
> over the file system and there is no reason why an app shouldn't have access
> to it.
Except this is how cyber espionage works.

The "Pretty Girls" calendar application is a Trojan horse that, upon reaching a
certain date (i.e., after it is approved by Apple), starts reading your
Word/Pages documents and exfiltrating them off the system.

Or the "Special Draw" application has a vulnerability, a user reads in a
malicious document, and a command & control agent is dropped on your system.

I put together a little demo and video demonstrating this last example (it's
actually a dig at the antivirus/security industry):

Glowing Embers: The Myth of the Nation State Requirement
http://www.netsq.com/Podcasts/Data/2012/GlowingEmbers/

Unfortunately, I too have problems with the Mac App Store restrictions,
including no privilege escalation, but I do not have a good solution to
recommend. :-\

Todd