
Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.sys.mac.advocacy      Steve Jobs fetishistic worship forum      120,746 messages   


   Message 119,408 of 120,746   
   Marian to Marian   
   Re: What did Google's project zero reall   
   22 Dec 25 11:47:17   
   
   XPost: misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Marian wrote:   
   > One relevant source is Google Project Zero   
   >  *Root Cause Analysis: WebKit 0-days*   
   >     
      
   Here are a few of the specific Project Zero statements explaining what   
   Google really said about Apple never having tested much of the iOS code.   
      
   In the Project Zero root cause analysis of WebKit 0-days exploited in the   
   wild, they explain that many of the iOS WebKit vulnerabilities were:   
    a. trivially discoverable by modern fuzzers   
    b. reachable through shallow code paths   
   which is evidence that the affected iOS code had not been subjected to   
   systematic fuzz testing before shipping.   
      
   Clearly these are the kind of bugs that would have been found quickly by   
   coverage-guided fuzzing (which Apple clearly has not done on iOS code).   
      
   The relevant page is:   
       
      
   Google's Project Zero technical conclusion is unambiguous in that the   
   exploited WebKit bugs were the type that standard fuzzing would have   
   caught, and the presence of these bugs in production strongly implies that   
   the iOS code had never been fuzzed nor tested with modern techniques.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   



(c) 1994,  bbs@darkrealms.ca