undefined | Better HN

0 pointspvg6y ago0 comments

The claim is it's easier to bypass some app integrity protection mechanisms when the target is an Electron app.

0 comments

"easier" than what? and is it particularly noteworthy? if malicious code has write access to any given app's constituent files, there's effectively no app that's hard to subvert.

pvgOP6y ago

Easier than apps that are better covered by system app integrity protection? I'm not sure what's unclear about this, it's right in the writeup.

dvt6y ago

If you're talking about installing apps, every installed app needs to be signed (unless you ignore Windows/macOS warnings). If you're talking about injection or modifying program files (be them executables, DLLs, or ASARs) post-install, every app is equally-vulnerable. There is no functional difference between a native app or an Electron app in that regard, so maybe you can clarify what you mean by "system app integrity protection."

1 more reply

j / k navigate · click thread line to collapse