
Finding and Exploiting Safari Bugs Using Publicly Available Tools - mbrubeck
https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-exploiting.html
======
jetpks
Do Project Zero's blog posts not focus on Google products purposefully, or is
that just a perceived bias?

I understand and appreciate the work Project Zero does; it makes us all safer
when these bugs are found and fixed. It just seems like the only Project Zero
blog posts that make the front page are aimed at Microsoft or Apple.

~~~
CJefferson
Having done a bunch of fuzzing myself, my guess would be Google is picking up
their problems before they get to a release in the main, and most people don't
discuss bugs they find in internal testing.

~~~
DannyBee
Actually, project zero does not give google any better treatment than anyone
else.

(I.e. Google bugs have the same disclosure rules/timelines/etc.)

------
progers7
SVG's SMIL bites again (the bug used to write the exploit). This ancient
animation system is incredibly hard to implement without security bugs due to how
GC interacts with the SVG SMIL DOM APIs (animVal, baseVal, etc.). SMIL is one
of the reasons Chromium implemented C++ garbage collection.

With finite engineering resources, there's always a tradeoff between
maintaining backwards compatibility and making forward progress. I think SMIL
would be something better left behind.

~~~
romed
Do you imagine that Apple has finite engineering resources? The last I heard,
it was the richest company on earth. They're just satisfied with the status
quo in which Google does all of their security work and nobody cares because
of decades-old misperceptions about Mac vs Windows malware safety.

~~~
evilduck
Money alone doesn't create more qualified engineering applicants. They may be
able to use money to poach those resources but the candidate pool for this
sort of work is extremely finite.

