EU antitrust: Apple shouldn't use privacy and security to stave off competition

Executive Summary

  • TCC is meant to protect user data from unauthorized access, but weaknesses in its design mean that protections are easily overridden inadvertently.
  • Automation, by design, allows Full Disk Access to be ‘backdoored’ while also lowering the authorization barrier.
  • Multiple partial and full TCC bypasses are known, with at least one actively exploited in the wild.
  • TCC does not prevent processes reading and writing to ‘protected’ locations, a loophole that can be used to hide malware.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Corresponding tweet for this thread:

Share link for this tweet.