Michael Tsai on Twitter: "@rosyna But, aside from your example of Flash, where is the code that’s exploiting these bugs?"

Country	Code	For customers of
United States	40404	(any)
Canada	21212	(any)
United Kingdom	86444	Vodafone, Orange, 3, O2
Brazil	40404	Nextel, TIM
Haiti	40404	Digicel, Voila
Ireland	51210	Vodafone, O2
India	53000	Bharti Airtel, Videocon, Reliance
Indonesia	89887	AXIS, 3, Telkomsel, Indosat, XL Axiata
Italy	4880804	Wind
3424486444	Vodafone
» See SMS short codes for other countries

Michael Tsai ‏@mjtsai Feb 14

@rosyna I don’t remember that being presented as the main motivation. I don’t think anyone’s worried about apps accidentally printing.
Rosyna Keller ‏@rosyna Feb 14

@mjtsai That was the only motivation when sandboxing was added to OS X for system services, which was before the Mac App Store existed.
Michael Tsai ‏@mjtsai Feb 15

@rosyna I’m not sure how the original reason the technology was developed is relevant to the policy decision about using it now.
Rosyna Keller ‏@rosyna Feb 15

@mjtsai Because it's never been used to protect against malicious apps. As I said, those apps can always ask the user which files to destroy
1 like
Michael Tsai ‏@mjtsai Feb 15

@rosyna Apple’s docs says "Enable App Sandbox to Minimize Damage from Malicious Code". https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AboutEntitlements.html …
Rosyna Keller ‏@rosyna Feb 15

@mjtsai Yes, malicious code that hijacks and exploits a security vulnerability in your app.
1 retweet 1 like
Michael Tsai ‏@mjtsai Feb 15

@rosyna Where is that code running? And why wouldn’t it also be able to make the app ask the user which files to destroy, as you say?
Rosyna Keller ‏@rosyna Feb 15

@mjtsai the malicious code runs inside the legitimate app. That's how all flash exploits work. A user would notice an unusual dialog.
1 retweet 1 like
Michael Tsai ‏@mjtsai Feb 15

@rosyna So you’re saying that the reason the Mac App Store requires sandboxing is to protect against Flash, which most apps don’t use?
Rosyna Keller ‏@rosyna Feb 15

@mjtsai No, it's to prevent bugs in the apps from being exploited and doing harm to other parts of the system.
1 like

‏@mjtsai

@rosyna But, aside from your example of Flash, where is the code that’s exploiting these bugs?

1:53 PM - 15 Feb 2016

1. View other replies
2. View other replies
3. View other replies
4. View other replies
5. View other replies
6. Show more

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

Michael TsaiVerified account

@mjtsai

Loading seems to be taking a while.

false

Saved searches

Michael TsaiVerified account

@mjtsai

Go to a person's profile

Saved searches

Retweet this to your followers?

Saved searches

Are you sure you want to delete this Tweet?

Promote this Tweet

Block

Add a location to your Tweets

Profile summary

Your lists

Create a new list

Copy link to Tweet

Embed this Tweet

Embed this Video

Preview

Log in to Twitter

Sign up for Twitter

Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

Two-way (sending and receiving) short codes:

Confirmation

Buy Now

Hmm... Something went wrong. Please try again.

Welcome home!

Tweets not working for you?

Say a lot with a little

Spread the word

Join the conversation

Learn the latest

Get more of what you love

Find what's happening

Never miss a Moment

Loading seems to be taking a while.

Promoted Tweet

false