by ChrisMarshallNY 197 days ago
Not just the NFC chip. Almost every I/O system requires explicit permission.

That’s where a “social engineering” approach can be helpful. The permission request can be quite bland, to a non-technical person.

And yes, a native app with the program counter can definitely do stuff a Web site can’t. Run machine code, for instance.

We would hope the app sandbox is good enough to catch it.

1 comments

Which permission is bland on iOS?

“Running machine code” is not a security vulnerability. If your browser isn’t secure all sorts of exploits can happen from a web browser. That’s how a lot of the early iOS jailbreaks worked.

I think we’re probably not getting anywhere here.

No problem, but we can each do our own thing.

If you are in the US, have a great Thanksgiving holiday. I sincerely hope it’s a warm, loving event.

It was a very simple request - show an example?

Everyone commenting here is being hand-wavy.

I stated an example. It was not enough.

I used to write machine code, but I don’t, anymore. I am quite aware of how powerful it is, so I have to assume that the very smart people at Apple - who deal with current-day machine code - have a handle on dealing with it.

I guarantee that hackers do.

You didn’t state one example where it bypassed the sandbox. All apps on iOS are compiled to assembly. If writing in assembly magically bypasses a well-designed OS’s security model, we are in trouble.

Some things are worth arguing about.

This isn't one of them.

Have a great Thanksgiving!