Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Could you explain where you think the issue here is? Are you saying, as a user trying to upload, you could possibly (presumably accidentally) upload your passwd, or as a user of their site, you could somehow see their passwd file?

If it's the former, I think that's a 'vulnerability' with any site that has a file chooser.

If it's the latter, could you elaborate where and how you would do so? Perhaps you're saying you could load it through the simulator that's running on the actual computer/vm somewhere, but those simulator environment are sandboxes (afaik) so that you could only access files on within the simulator's context.



Simulator instances aren't sandboxed, so you can transverse the master system's file system with a malicious iOS app. This is indeed an attack vector.


Huh, indeed they are not. Was able to pull a file off my desktop through Safari. Was not aware of that.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: