Apple’s new Playgrounds feature is very cool, allowing developers to test Apple’s new programming language Swift in real time, but developer Steve Stroughton-Smith points out a rather gaping flaw.

It turns out that the app isn’t sandboxed which means entered code can do pretty much anything it wants. So, entering the code above for instance will actually delete every file on your system. The realtime nature of Playgrounds means you don’t even have to press Enter for the entire contents of your hard drive to be erased.

Until Apple fixes this issue, people should be very careful clicking on Swift scripts that they do not understand as the Playground will run them, malicious or not.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

One Response to “Apple’s new Playgrounds need a sandbox, typing a malicious script could wipe your hard drive”

  1. I think this is a bogus argument. “Playground” in this case doesn’t mean it isn’t real code that does real things. It means that it’s not a part of a compiled application, but you can see the real results of doing real things in real time. In other words, you’re not playing around with play code, you’re playing around with real code. They either need to change the name of it or put a warning at the top.

    Like