Erik Schwiebert on Twitter: "@rosyna @mjtsai @ameaijou @drewthaler it isn’t documented, but much can be discovered by reading Apple’s usage in /Sys/Lib/Sandbox/Profiles."

Country	Code	For customers of
United States	40404	(any)
Canada	21212	(any)
United Kingdom	86444	Vodafone, Orange, 3, O2
Brazil	40404	Nextel, TIM
Haiti	40404	Digicel, Voila
Ireland	51210	Vodafone, O2
India	53000	Bharti Airtel, Videocon, Reliance
Indonesia	89887	AXIS, 3, Telkomsel, Indosat, XL Axiata
Italy	4880804	Wind
3424486444	Vodafone
» See SMS short codes for other countries

Rosyna Keller ‏@rosyna Feb 15

@mjtsai The bugs are in the apps. The malicious code is delivered multiple ways. Wikipedia has an article on RCE. https://en.wikipedia.org/wiki/Arbitrary_code_execution …
1 like
Drew Thaler ‏@drewthaler Feb 15

@rosyna @mjtsai Or touch that file or whatever. But notice that Spotify isn't malicious, in the example it's hijacked and becomes malicious
Rosyna Keller ‏@rosyna Feb 15

@drewthaler @mjtsai That actually happened to Twitter for Mac OS X a few years ago due to an image parsing bug.
1 like
Michael Tsai ‏@mjtsai Feb 15

@rosyna @drewthaler Even for things that would never be approved in the Mac App Store, so that every Developer ID app can be sandboxed.
Gwynne Raskind ‏@ameaijou Feb 15

@mjtsai @rosyna @drewthaler If such entitlements existed, a lot of Developer ID apps would be on the store.
Michael Tsai ‏@mjtsai Feb 16

@ameaijou @rosyna @drewthaler No, I mean the entitlements should go beyond what Apple would accept in the store.
Rosyna Keller ‏@rosyna Feb 16

@mjtsai @ameaijou @drewthaler There are entitlements non-MAS apps can use that MAS apps can't.
Michael Tsai ‏@mjtsai Feb 16

@rosyna @ameaijou @drewthaler Yes, I’m saying there should be more. I don’t want to run into a road block *after* adopting sandboxing.
Rosyna Keller ‏@rosyna Feb 16

@mjtsai @ameaijou @drewthaler But which ones are missing that you'd run into?
Erik Schwiebert ‏@Schwieb Feb 16

@rosyna @mjtsai @ameaijou @drewthaler if you want to be sandboxed and need custom entitlements, use raw SBPL. Rather LISPy but works well.

‏@Schwieb

@rosyna @mjtsai @ameaijou @drewthaler it isn’t documented, but much can be discovered by reading Apple’s usage in /Sys/Lib/Sandbox/Profiles.

3:46 PM - 16 Feb 2016

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

Erik Schwiebert

@Schwieb

Loading seems to be taking a while.

false

Saved searches

Erik Schwiebert

@Schwieb

Go to a person's profile

Saved searches

Retweet this to your followers?

Saved searches

Are you sure you want to delete this Tweet?

Promote this Tweet

Block

Add a location to your Tweets

Profile summary

Your lists

Create a new list

Copy link to Tweet

Embed this Tweet

Embed this Video

Preview

Log in to Twitter

Sign up for Twitter

Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

Two-way (sending and receiving) short codes:

Confirmation

Buy Now

Hmm... Something went wrong. Please try again.

Welcome home!

Tweets not working for you?

Say a lot with a little

Spread the word

Join the conversation

Learn the latest

Get more of what you love

Find what's happening

Never miss a Moment

Loading seems to be taking a while.

Promoted Tweet

false