The big tech news this week is that the FBI is trying to force Apple to unlock a suspect's iPhone. One of the interesting points around this story is that the iPhone in question is an older one, an iPhone 5c. Newer phones have what Apple calls the Secure Enclave, which some say protects against requests of this nature; even if Apple wanted to break into your phone, they couldn't. Which then brings up an interesting question I've seen a lot of people asking: what exactly is the Secure Enclave, and what role does it play here?

With computer security high on everyone's minds these days, tools that help assess and improve the security of our code are extremely useful. Today I'm going to talk about one such tool, afl-fuzz, which has seen a lot of attention lately and produces some interesting results. I'll discuss how it works and how to use it on your own code.

A few months ago I told everyone not to use strnstr. This bug was fixed in Leopard, but persisted in Tiger. Today, Apple finally fixed it in Tiger. Now you can safely use strnstr. I assume that this bug probably still exists on Panther and earlier, but as long as you're targeting Tiger and up (as every sane person ought to), you are now safe.

The strnstr function is broken on Mac OS X 10.4 (and presumably earlier) and should be avoided.