@gparker @pmdj Yeah the model here gives the attacker not just arbitrary code execution in the target process, but also the ability to introduce new code, which Apple has no way to mitigate against reliably