[worrycue]

> I wonder if Apple isn’t running static analysis tools right now to look for these vulnerabilities against all apps.

On a side note, this is one more reason Apple can cite for their App Store exclusivity. If there is a vulnerability in the OS exploitable by apps, and they can’t get a patch out in time, they can screen and prevent the download of such dangerous apps.

Not a popular position here I know. But I’m correct no?

[sangnoir]

> But I’m correct no?

You're not correct - Apple can still scan apps installed from elsewhere. With a user opt-in, Android can verify side-loaded apps - no App-store exclusivity required.

[babesh]

No. Those static analysis tools don't catch everything. There are relatively well known and somewhat widespread tricks to avoid being caught by them.

[babesh]

I speculate that GameKit is basically abandonware by Apple. They even got rid of the app a few years ago.

There probably hasn't been hardening of it in years and the initial work was probably developed in haste.

This is systemic. Apple has a bad habit of abandoning software that isn't a priority. So, one shouldn't be surprised that Apple hasn't fixed these exploits. And I wonder if the author has fully mined GameKit for exploits yet. Perhaps there are more to be found.

The architecture of iOS and OSX isn't conducive to security AFAIK. It is more of an add-on as one can see instead of being architected in.

[illusionofchaos]

I haven't checked further, maybe authentication token can be used to gain access to Apple account and more data. Also one other method could used to write arbitrary data outside of an app sandbox, that might be useful for further exploitation.

[worrycue]

Catching some is better than catching none. Apple will be evolving their analysis tools too as they go along.