Skip to main content

Apple’s new Playgrounds need a sandbox, typing a malicious script could wipe your hard drive

https://twitter.com/stroughtonsmith/status/474213833465421824

Apple’s new Playgrounds feature is very cool, allowing developers to test Apple’s new programming language Swift in real time, but developer Steve Stroughton-Smith points out a rather gaping flaw.

It turns out that the app isn’t sandboxed which means entered code can do pretty much anything it wants. So, entering the code above for instance will actually delete every file on your system. The realtime nature of Playgrounds means you don’t even have to press Enter for the entire contents of your hard drive to be erased.

Until Apple fixes this issue, people should be very careful clicking on Swift scripts that they do not understand as the Playground will run them, malicious or not.

Comments

  1. Gregory Higley - 10 years ago

    I think this is a bogus argument. “Playground” in this case doesn’t mean it isn’t real code that does real things. It means that it’s not a part of a compiled application, but you can see the real results of doing real things in real time. In other words, you’re not playing around with play code, you’re playing around with real code. They either need to change the name of it or put a warning at the top.

Author

Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications