by saagarjha 1725 days ago
It’s pretty trivial to encode a backdoor into your app that would let you remotely call native code of your choice.

I guess this is the reason Apple restricts apps from executing downloaded code.
This is without downloading additional code. Reuse attacks such as ROP, or you could just embed an interpreter with the ability to alter native register state. It’s not hard to get Turing completeness into your app in a way that lets it call whatever it wants.
Yeah, it wouldn't be too hard to write an interpreter. It is a lot like compiler class.