undefined | Better HN

0 pointsroc14y ago0 comments

The sandbox lessens the risk of said overflows. Instead of exploiting a flaw in an interpreter or file handling function and getting control of the entire machine, you'd only get control of the sandbox's context.

The only way to parlay that into control of the system would be to break the sandbox. And then, because OS X default security is fairly sane, the only way to do real lasting damage is to use a further exploit to escalate your permissions.

0 comments

gizzlon14y ago

True, but that would be true without signed apps as well.

Also, I guess it depends on what the app does and what you mean by "real lasting damage".

j / k navigate · click thread line to collapse

0 pointsroc14y ago0 comments

0 comments

gizzlon14y ago

True, but that would be true without signed apps as well.

Also, I guess it depends on what the app does and what you mean by "real lasting damage".

j / k navigate · click thread line to collapse