> moving a message over BLE to untrusted hardware and worse accepting them back into iMessage is a massive, massive change in the security boundary
Anyone can already screenshot iMessages and move them out of the "security boundary"... which btw doesn't exist much, as if you have any Mac connected to your iCloud account then those messages are being synced to an SQLite DB any process running under your user can access.
There are easily hundreds of cases involving some alleged or actual liability that various groups claim Apple to have in relation to this or that feature/product/service/etc.
The point is that Apple has never been successfully sued because someone clicked through a warning. I don't care if someone files a frivolous lawsuit that fails.
I just want to learn about a single such lawsuit, anywhere, that's actually succeeded. I can't find any.
This doesn’t even make sense in relation to my prior comments… as unsuccessful cases also cost Apple, and various other parties, real money. So it seems entirely irrelevant to the point.
But remember, the whole premise of this discussion is that fools can be duped into clicking yes to anything, so scammers can talk your grandmother into granting an application that permission. In one case iPhones must not permit it because Apple cares very much, but in another macOS permits it because it doesn't matter or something? Either way, Apple can do no wrong!
I don’t think you understand what the security boundary of iMessage is.
People’s phones got compromised by NSO sending images to them via WhatsApp that used an exploit in one of the image libraries to run a malware payload. The security boundary isn’t about whether you can see your own messages, it’s whether bad people can root your phone by getting untrusted code to run. That’s a very different proposition if iMessage is a single codebase that they fully own end to end versus it has a plugin ecosystem. Having such a plugin system widens the security boundary by adding a much larger codebase that would require trust.
It doesn't need to be a plugin ecosystem - no third party code needs to run within the iMessage processes/sandboxes/containers. In fact, no third-party code needs to run at all on the phone - all that's needed is to expose an API over BLE that allows previously authorized external devices to query/send messages.
In defense of the "it's security!" position (which is not mine): I think they mean a similar vulnerability could exist on the client side of the API. As in someone sends manipulated media that targets a vulnerability on the third party device, the media gets forwarded through the API, now that compromised third party device does bad things over the API.
Personally, I think that it's really just a convenient third party lockout excuse, but the argument isn't quite as bad as it may seem at first glance.
> People’s phones got compromised by NSO sending images to them via WhatsApp
Has this happened on iOS via WhatsApp?
I know Apple's had a few problems with this happening with iMessage, but I've always been unsure whether the third-party app sandbox does a good job of containing this?
No, that’s not true. NSO Group already has the means to send people spicy JPEGs all they want. Adding this would not significantly change their capabilities.