John Gruber@gruber

Update on the Blizzard/sandbox thing, from a birdie familiar with the matter: Blizzard’s updater had a crasher. Apple created workaround.

Wed, Jun 01 2016 23:25:42

ReplyRetweetFavorite

https://twitter.com/gruber/status/738149554978070529

— John Gruber (@gruber)Wed, Jun 01 2016 23:25:42

John Gruber@gruber

Practically speaking, all sandboxing rules still apply to Blizzard apps; workaround doesn’t allow operations that other apps can’t do too.

Wed, Jun 01 2016 23:27:21

ReplyRetweetFavorite

https://twitter.com/gruber/status/738149969635352579

— John Gruber (@gruber)Wed, Jun 01 2016 23:27:21

John Gruber@gruber

And Blizzard has fixed their updater, so the workaround shouldn’t be needed in next update.

Wed, Jun 01 2016 23:28:19

ReplyRetweetFavorite

https://twitter.com/gruber/status/738150210853965825

— John Gruber (@gruber)Wed, Jun 01 2016 23:28:19

John Gruber@gruber

My takeaway is that Apple will go to extraordinary lengths to avoid crashers in super-popular apps, even when it’s entirely the app’s fault.

Wed, Jun 01 2016 23:29:46

ReplyRetweetFavorite

https://twitter.com/gruber/status/738150578497323008

— John Gruber (@gruber)Wed, Jun 01 2016 23:29:46

John Gruber@gruber

@joshjagdfeld No buzz. It’s a very curious find, but ultimately a non-story.

Wed, Jun 01 2016 23:38:37

ReplyRetweetFavorite

https://twitter.com/gruber/status/738152802782982144

— John Gruber (@gruber)Wed, Jun 01 2016 23:38:37

Stefan Esser@i0n1c

I wonder why the iOS sandbox omits certain sandbox checks if code is signed by Blizzard Entertainment Inc.

Wed, Jun 01 2016 14:33:26

ReplyRetweetFavorite

https://twitter.com/i0n1c/status/738015603890524160

— Stefan Esser (@i0n1c)Wed, Jun 01 2016 14:33:26

Stefan Esser@i0n1c

Actually the OS X sandbox makes the same exception for Blizzard

Wed, Jun 01 2016 14:40:40

ReplyRetweetFavorite

https://twitter.com/i0n1c/status/738017423895494656

— Stefan Esser (@i0n1c)Wed, Jun 01 2016 14:40:40

Stefan Esser@i0n1c

@SwissHttp it seems as if they are allowed to execute other processes when others are not.

Wed, Jun 01 2016 15:06:12

ReplyRetweetFavorite

https://twitter.com/i0n1c/status/738023849208500224

— Stefan Esser (@i0n1c)Wed, Jun 01 2016 15:06:12

Stefan Esser@i0n1c

Luckily we all know that Blizzard Games never have remote vulnerabilities 😎

Wed, Jun 01 2016 15:55:07

ReplyRetweetFavorite

https://twitter.com/i0n1c/status/738036161441042432

— Stefan Esser (@i0n1c)Wed, Jun 01 2016 15:55:07

Stefan Esser@i0n1c

I just verified: the magic sandbox teamidentifier is actually the current one used for Blizzard games in the iOS app store.

Wed, Jun 01 2016 16:06:15

ReplyRetweetFavorite

https://twitter.com/i0n1c/status/738038962095280129

— Stefan Esser (@i0n1c)Wed, Jun 01 2016 16:06:15

POM@hey_pom

@i0n1c that's right. But it doesn't mean they can execute, it means we make them believe they could.

Wed, Jun 01 2016 18:20:11

ReplyRetweetFavorite

https://twitter.com/hey_pom/status/738072669346631680

— POM (@hey_pom)Wed, Jun 01 2016 18:20:11

Rosyna Keller@rosyna

@gruber it's an targeted exception for the rather innocuous access() calls.  https://developer.apple.com/library/ios/documentation/System/Conceptual/ManPages_iPhoneOS/man2/access.2.html …

Wed, Jun 01 2016 19:38:54

ReplyRetweetFavorite

https://twitter.com/rosyna/status/738092475932237825

— Rosyna Keller (@rosyna)Wed, Jun 01 2016 19:38:54

Taiki@Taiki__San

@gruber @marcoarment No, it was later discovered that only access() is impacted. This means that the program thinks it has one but don’t

@qqalexqq

·

Wed, Jun 01 2016 20:54:21

ReplyRetweetFavorite

https://twitter.com/Taiki__San/status/738118770548428800

— Taiki (@Taiki__San)Wed, Jun 01 2016 20:54:21

Will Strafach@chronic

this sandbox workaround for Blizzard makes sense actually, as strange as it looks.  https://twitter.com/i0n1c/status/738018742710460420 …

Wed, Jun 01 2016 21:13:49

ReplyRetweetFavorite

https://twitter.com/chronic/status/738116365882658816

— Will Strafach (@chronic)Wed, Jun 01 2016 21:13:49