Tavis Ormandy Retweeted Justin Schuh 🤬
This. It's hard to imagine how Apple are going to resolve this, it took a long time to accept that the auditor problems were fundamental, and it's hard to see how itp is any different here. Prediction: after a few failed attempts to rework it, they'll come to the same conclusion.https://twitter.com/justinschuh/status/1220021377064849410 …
Tavis Ormandy added,
Justin Schuh 🤬 @justinschuh
To add some context, Chrome's XSS Auditor was found to introduce exactly the same class of side-channel vulnerabilities. After several back and forths with the team that discovered the issue, we determined that it was inherent to the design and had to remove the code.
Show this thread
9:29 AM - 22 Jan 2020
0 replies
23 retweets
78 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.