I am quite amazed at how a few people are defending a broken model and arguing about "arbitrary code". Every single piece of code you download is arbitrary. Hell, even the operating system is. You have no idea what really runs on your computer; you trust there is nothing malicious hidden in most apps. Trust, nothing more than that. So it's very easy to own all your Macs and steal financial information without a single suspicious prompt for higher privileges.
If you think it's ok to have iTunes binary not writable by a normal user but then fully controlling it from a plugin then what can I say? I hope your data is not valuable ;-)
> Every single piece of code you download is arbitrary.
Apple's solution to this is the Mac App Store. If you can get an app into the Mac App Store and then break out of the sandbox to install this iTunes plugin, THEN you have a post.
iOS has been refreshingly malware-free using this model (even though there have been holes there as well obviously), and it's clear why they're bringing it to the Mac.
> If you think it's ok to have iTunes binary not writable by a normal user but then fully controlling it from a plugin then what can I say?
I agree that not having an unsigned code warning in iTunes for new plugins is a major oversight, and a break in the Apple Model. But with that in place, saying "but plugins can do anything in iTunes" is like saying "but a *.com-filtered Chrome extension can intercept all my passwords!". And guess what? Google are also limiting all the plugin extensions to their Web store...
No you dumb ass, I am expecting a malware dropper to copy it.
Where a malware dropper can be any application that you download.
Now go reverse the different CoinThief samples and learn a thing or two.
Thank you for confirming you're just an angry script kiddie looking to make a name for yourself. We all now know for certain that you can be safely ignored.