Hacker News

otterley, yesterday at 9:06 PM (3 replies)

Apple made it very clear that their security concerns related to third-party browsing engines are about difficult-to-contain threats posed by JIT compilation. (JITs require non-text memory pages to be executable.) Apple doesn’t allow other apps to use such technology, so they’re consistent in that respect.

Apple even disables JIT for Safari itself when you put an iPhone in lockdown mode, at no small cost to performance, in an effort to harden the device even more.

Do you have a rebuttal to that?


Replies

leptons, today at 1:41 AM

That's just their excuse. JavaScript is used on practically every web browser in existence, across billions of devices, and it does not have the security risks that Apple claims. It just doesn't. There are plenty of other flaws in their own web browser that have allowed remote code execution, but JavaScript isn't typically one of them, in any browser, on any platform, in the last decade or more.

And there are plenty of apps in Apple's app store that are malicious. So the JIT excuse is just Applespeak for "we control what our competitors can do on hardware we supplied that someone bought and paid for". It's abuse and they are being sued by the DOJ. Just read the lawsuit so I don't have to reply to any more of your comments:

https://www.justice.gov/archives/opa/media/1344546/dl?inline


leptons, today at 1:41 AM

> Do you have a rebuttal to that?

People should be allowed to run the software they want on a device they paid a lot of money to own. Period.

https://www.justice.gov/archives/opa/media/1344546/dl?inline


concinds, yesterday at 10:16 PM

Yes. Safari is a less secure browser than Chrome, architecturally. Took far longer to ship sandboxing. Still hasn't fixed SLAP and FLOP. Still hasn't shipped proper site isolation. Takes far longer to fix reported vulnerabilities, and consistently "fixes" them superficially and incorrectly, requiring another fix.

Enough with the Apple fanboy paternalism. They don't need absolute control "for users' sake". They're not entitled to it.
