Would this have implications for people who use Cryptomator, which uses loopback connections to a local WebDAV drive in order to encrypt/decrypt files?
Clicking this PoC link on iOS shows that the iOS Mail app suffers the same UI vulnerability. It appears like you are emailing support@paypal.com, when you are not.
> “To be clear, this is not a vulnerability or bug in Apple’s code... basically just unclear/confusing documentation that led to people using their API incorrectly,” Wardle told Ars. “Apple updated [its] documents to be more clear, and third-party developers just have to invoke the API with a more comprehensive flag (that was always available).”
Ultimately you have to opt-in to doing any checks in the first place, no matter the API. So does that make every API insecure, since you could always just "return true" at the bottom of your authentication function?
To put it differently: Who's to say whether they were using the checks wrong, or just doing the wrong checks?
The API provided an easy way to check a binary file for a signature, and you just have to open the bundle, grab the binary, and pass it to the API. Oh, if there’s more than one binary in the bundle (there almost never is these days), then you should make sure to check each binary.
“Almost never is” except when an attacker knows you’re counting on this fact, and poisons a good bundle with a bad binary that your code skips over, but macOS doesn’t when it executes the binary.
Actually it's not THAT uncommon for fat binaries to contain multiple architectures. True, on today's macOS (and especially in the fall when 32bit support will be deprecated in 10.14), it looks like x86_64 rules supreme, but for a long while it was common to have combined i386 and x86_64 fat binaries, and before that, combined ppc and i386 binaries. Finally, it's not far-fetched to believe that in the medium near future, we'll need fat binaries with x86_64 and aarch64.
Edit: actually, even in today's mostly-x86_64-only world, there are fat binaries in macOS, because there is a separate "x86_64h" architecture for "haswell and better". So even in a pure 64bit intel world, there's going to be fat binaries for a while. For example, "file /usr/lib/libobjc.dylib" shows three slices on macOS 10.13:
On iOS, having a non-fat binary is almost the exception to the rule. For the longest time, it was common to have both armv6 and armv7 slices, and these days, armv7 and aarch64 slices. Granted, with iOS11 dropping armv[67] and apps starting to drop iOS10 support, we'll have a run with non-fat aarch64 binaries for a while. This is quite visible for compile times and compile errors during development! Also, for iOS, there's bitcode and app thinning which does mean end user devices are often served a single slice non-fat binary anyways.
Vendors of closed source iOS libraries, such as the "Google maps for iOS" SDK, often ship fat binaries for the .dylibs containing both armv7, aarch64, i386 and/or x86_64. Why are Intel slices for iOS a thing? To be able to run your app and the library in the Xcode iOS simulator, which actually runs x86 code only. That's why it's not called an "emulator".
The history of fat binaries in macOS goes all the way back to NeXTSTEP (of course, since macOS is basically a modern NeXTSTEP, with NSObject still showing off the legacy behind the curtain to new iOS developers) where even m68k was a common slice. https://en.wikipedia.org/wiki/Fat_binary#NeXTSTEP_Multi-Arch... which at times even exploded to "Quad-fat binaries" containing slices for m68k, i386, pa-risc and sparc all together in one executable.
MacOS will execute anything you ask it to. The normal ways for running programs (like double clicking on them in Finder) causes a (presumably non-buggy) code signature check to run on them, but there are certainly ways of executing programs that bypass this user-facing warning (like running ./Bundle.app/Contents/MacOS/Bundle in a terminal).
The bug described in the article says that some third-party code signature validation methods were flawed and didn't properly detect unsigned code that the third-party programs would then execute.
For those on iOS, you can block wildcard number ranges like this with Number Shield[0].
I have been receiving alot of these spoofed neighbor number calls, and this app saves me a lot of time and stress. You can also prevent it from blocking contacts that fall into your blocked number range.
Today, I tried out your service with a previously-unused domain and a brand new gh-pages repo.
When I ran into a small issue, I used the instant chat applet inside the Kloudsec control panel, and Steven quickly discovered the problem (I simply needed to remove the two A records pointing to GitHub pages, leaving only the Kloudsec A record).
Everything is working flawlessly so far, in regards to having TLS/SSL for custom domain hosted on GitHub pages. I especially like the option to enable HSTS for the domain's SSL. I wish GitHub Pages' own SSL on username.github.com offered that option.
All in all, painless plus quick, and without the unclean feeling that comes with Cloudflare's free SSL option. Additionally, I'm impressed with Steven's quick and quality assistance via chat and email.
edit: I've now noticed that there are large blocks of Javascript injected into my one-page test website. Ostensibly for the Speed Booster CDN plugin; I'll update after confirming the JS is gone upon disabling all plugins aside from the One-Click Encryption plugin.
edit2: Confirmed. Speed Booster plugin was source of JS injection. I suppose that's the drawback to a CDN who doesn't also host your DNS. Ironically, due to test site being small and static, disabling the Speed Booster plugin to remove all the JavaScript increased page load speeds.
Still, this doesn't detract from Kloudsec's simple deployment of LetsEncrypt SSL certificates for custom domains hosted on GitHub pages.
This is one of the "HN for X" websites that I truly hope takes off. I have signed up, and submitted a few interesting articles. I've already found a few interesting reads on their homepage.
https://www.fakespot.com/