Helge Heß

RE: https://toot.cafe/@slightlyoff/116281285290733971

It's funny how Apple is doing both at the same time here:
a) proactively fighting browser engine monoculture, while at the same time
b) requiring browser engine monoculture.
🙂

Mar 24 at 12:26amWeb
Show threadSteve Hume1d ago
@helge I don’t understand why allowing one browser engine is presumed less secure than allowing 3 or 4. All engines have had severe security issues.
Show threadHelge Heß1d ago
@stevehume Every issue immediately affects all users. Just like in nature monocultures are not very resistant. It’s a fair point.
And it’s funny, because I think a major reason why that monoculture exists is to fight the browser monoculture we would have otherwise.
Show threadFrancesco Marini17h ago

@helge the reporting on DarkSword is incredibly sloppy.

Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.

TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).

https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors | Google Cloud Blog

DarkSword is a new iOS exploit chain that leverages multiple zero-day vulnerabilities to fully compromise iOS devices.

Google Cloud Blog
Show threadAlex Russell9h ago

@helge It's only funny if you accept the first one as true; it isn't:

https://infrequently.org/2022/06/apple-is-not-defending-browser-engine-choice/

Apple Is Not Defending Browser Engine Choice

Some folks claim that Apple's mandated inadequacy for browsers and their engines is somehow beneficial to the cause of ensuring a diverse pool of web engines. Nothing could be farther from the truth, but to understand why, we need to understand how browsers are funded. With that understanding, we can see that not only has Apple has starved its own browser team of resources, but has done grevious damage to Mozilla along the way.

Alex Russell
Show threadHelge Heß7h ago
@slightlyoff I do, if the monopoly of Safari on iOS wouldn't exist, it would be dead and consumed by Chrome. That's why it is kinda funny, it has to be a monopoly (on a major platform) to ensure that there is no monopoly everywhere.
You only have to look at what happened at Microsoft to understand ..., oh, wait 🙂
Show threadAlex Russell7h ago
@helge This literally does not engage with any of the arguments in the post, so I guess we're off to visit Hitchens' Razor.