zlacker

[parent] [thread] 2 comments
1. pilif+(OP)[view] [source] 2022-06-22 13:17:21
Apple thinks (and I'm inclined to agree) that no browser engine is safe enough to be on the platform but as there has to be at least one by necessity, they might as well reduce the attack surface by restricting it to a single one that's tightly integrated with the OS security measures and which is updated together with other OS updates.
replies(1): >>pmoria+a2
2. pmoria+a2[view] [source] 2022-06-22 13:32:03
>>pilif+(OP)
Following that reasoning there should only be one app of each kind on the platform: an Apple app.

Minimize attack surface, minimize choice.

replies(1): >>pilif+cm
◧◩
3. pilif+cm[view] [source] [discussion] 2022-06-22 15:09:03
>>pmoria+a2
A calendar app provides a much smaller attack surface than a browser. It can also perform good enough without the need for JIT compilation.

As I said in my comment: I believe Safari and the underlying WebKit to be the most complex and most insecure part of iOS by multiple orders of magnitude.

Not adding more of equally complex and demanding pieces does provide a significant reduction of attack surface

[go to top]