Fallacy of the Sandbox

Interesting article about how some App Developers were able to get an app on the App Store that stole important data from other apps.

http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-hackers-steal-keychain-1password-contents/

Like the TSA, I maintain that it’s security theater.

What surprised me is that some of the ways in which they broke the Sandbox were so simplistic! Like having a helper application with the same bundle id as the application you want to attack.

Well, don’t go posting any more nude selfies online for a while. :wink:

Darn it…

it’s remarkable that there is still no comment on this by Apple… this flaw is known for a half year the article says.