[dymk]

App sandbox is just one layer of the security model that iOS employs, and another is not allowing JIT'd code, in case someone finds a way to drop a payload into W&X memory. There's no reason to increase your attack surface if you don't need to.

[mikeash]

Is the restriction on JITs really a security thing? That seems so completely far out there on the list of concerns compared to common stuff like buffer overflows which Apple does pretty much nothing to prevent. It always looked to me to be a technological means of enforcing their rule that you weren't allowed to download new code to run (on purpose).

[dymk]

It's very much a security thing, there've been lots of exploits that work by dropping a payload into a W&X marked area in browsers (usually dropped in by buffer overflows).

Apple also doesn't like unsigned code, and JIT (or self modifying code, or whatever falls into that category) is inherently unsigned code.

[mikeash]

Yeah, but Apple doesn't like unsigned code because they want to maintain control over everything, not because of security.