Comment by luke-stanley
2 years ago
I didn't hear anyone mention fuzzing once. I guess there was probably very specific insider knowledge being made use of and they wanted to point a finger, which is fair enough I guess. I'm just a bit surprised that it has not been mentioned so far in the discussion. Anyhow, it seems that an allow-list approach by Apple would have been better than a deny-list approach! Literally not checking out of expected bounds!
This is a really good question.
Fuzzing is about searching a state-space of an entity: function, method, and I suppose even a hardware-block for unexpected or undefined, or maybe even undocumented behavior.
Certainly this could have been used by the exploiters of these bugs to find undocumented but desirable effects in the hardware of iOS hardware blocks or devices.
It's one of the major arguments against backdooring systems, even if you think this to be acceptable. In the end you create a backdoor for everyone, even if you don't do it as moronically as here. You are the hostile actor.
If they were using a deny list, that sounds like an intentional backdoor.
It might just be that they couldn't think of another way to code it though.
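To make the allow-list versus deny-list point from the thread concrete, here is an added example (not code from the thread, from Apple, or from any of the commenters). It validates a requested address range against hypothetical, constructed address ranges; the ranges, the function names and the `len` parameter are all assumptions for illustration. A deny-list check passes anything it was not told about, including a range outside every expected bound, whereas an allow-list check rejects by default and also catches a request that straddles an allowed region's edge.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed for this example: inclusive [start, end] address ranges.
 * Neither list describes any real device. */
typedef struct {
    uint64_t start;
    uint64_t end;
} range_t;

static const range_t denied[]  = { {0x1000, 0x1FFF}, {0x3000, 0x3FFF} };
static const range_t allowed[] = { {0x2000, 0x2FFF}, {0x4000, 0x4FFF} };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Compute the last address of a request, rejecting zero length and
 * arithmetic wraparound so a huge len cannot make the range look small. */
static bool request_last(uint64_t addr, uint64_t len, uint64_t *last) {
    if (len == 0 || addr > UINT64_MAX - (len - 1))
        return false;
    *last = addr + len - 1;
    return true;
}

/* Deny-list check: the request is accepted unless it overlaps a listed
 * range. Anything the list author did not think of passes. */
bool deny_list_ok(uint64_t addr, uint64_t len) {
    uint64_t last;
    if (!request_last(addr, len, &last))
        return false;
    for (size_t i = 0; i < COUNT(denied); i++) {
        bool overlaps = addr <= denied[i].end && last >= denied[i].start;
        if (overlaps)
            return false;
    }
    return true;
}

/* Allow-list check: the request is rejected unless it lies entirely
 * inside one listed range. Anything not explicitly expected fails. */
bool allow_list_ok(uint64_t addr, uint64_t len) {
    uint64_t last;
    if (!request_last(addr, len, &last))
        return false;
    for (size_t i = 0; i < COUNT(allowed); i++) {
        if (addr >= allowed[i].start && last <= allowed[i].end)
            return true;
    }
    return false;
}

int main(void) {
    /* Constructed requests: the third lies outside both lists and is
     * exactly the case a deny list lets through. */
    struct { uint64_t addr, len; } reqs[] = {
        {0x2000, 0x1000}, /* whole allowed region        */
        {0x2FF0, 0x20},   /* straddles into denied range */
        {0x5000, 0x10},   /* in neither list             */
        {0x1500, 0x1},    /* inside a denied range       */
    };
    for (size_t i = 0; i < COUNT(reqs); i++) {
        printf("addr=0x%04llx len=0x%llx  deny-list:%s  allow-list:%s\n",
               (unsigned long long)reqs[i].addr, (unsigned long long)reqs[i].len,
               deny_list_ok(reqs[i].addr, reqs[i].len) ? "ok " : "REJ",
               allow_list_ok(reqs[i].addr, reqs[i].len) ? "ok " : "REJ");
    }
    return 0;
}
```

The request at 0x5000 is the one that matters for the thread's point: it hits no denied range, so the deny list accepts it, while the allow list rejects it because nobody declared that region as expected. The wraparound guard in `request_last` is there because a bounds check that computes `addr + len` without it can be made to wrap to a small value and pass either list.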