I've worked on a three letter sports orgs (one of NFL, NBA, NHL, etc) Android app.
I always joke that we could probably tell you what color and type your underwear is on any random day with how much data is siphoned off your phone.
As for loading random JS, yeah also seen that done that before. "Partner A wants to integrate their SDK in our webviews." -> "Partner A" SDK is just loading a JS chunk in that can do whatever they want in webviews, including load more files.
Don't get me started on the sports betting SDKs...
Though we do have a Security team constantly scanning SDKs and the endpoints for changes in situations like this.
> As for loading random JS, yeah also seen that done that before.
Partner A is not random JS. The assumption there is 1) you have some official signed agreement with them and 2) you've done your due diligence to ensure you can use them in this way.
It's not just some person's GH repo who can freely change that file to whatever they want.
Hotlinking is as old as the internet, and a well-worn security threat.
When I was at a FAANG, we used to joke that when senior leadership is totally out of ideas, they announce a hackathon. It was a way for them to continue the charade of being "leaders" without having any ideas.
Apple has allowed Facebook, TikTok etc. to track users across devices AND device resets via the iCloud Keychain API.
When you log into FB on any account on any device, then install FB on a new device, or even after you erase the device, they know it's you even before you log in. Because the info is tied to your Apple iCloud account.
And there's no way for users to see or delete what data other companies have stored and linked to your Apple ID via that API.
It's been like this for at least 5 years and nobody seems to care.
None that I found. You can test it right now yourself. Install FB, log in, delete FB, reinstall FB. Your previous login info will be there.
That would be fine if users could SEE what has been stored and DELETE it WITHOUT going through the app and trusting it to show you everything honestly.
What's even worse is that it silently persists across DEVICE reinstalls.
Erase and reset your iPhone/iPad. Sign into the same iCloud account. Reinstall FB. Your login info will still be there.
Buy a new iPhone/iPad. Sign into the same iCloud account. Reinstall FB. Your login info will still be there.
> However, if those shell commands (e.g., curl) are not detected, the URL permissions do not trigger. Here is a malicious command that bypasses the shell command detection mechanisms:
It's because in this case "curl" is just a parameter to env. Env just happens to execute curl (or indeed sh, which seems, uh, worse).
Seems nuts to have env or find on the default allowlist to me! Really these agents shouldn't be able to execute anything at all without approval by default, if you want to give it something like "find" or "env" to do safe things without approval, reimplement the functionality you want as a tool that can't do arbitrary code execution.
Honestly it's for the best. People keep thinking it's safe to use AI tools without VM, credential, and network sandboxing, the same way a person who's "only buzzed" thinks it's safe to drive a car. I wouldn't trust an agent's heuristics any more than a prisoner in a gun factory.
reply