its just a different attack surface for safari they would need to blackbox attac...

rs_rs_rs_rs_rs · 2026-03-06T14:48:52 1772808532

What? The js engine in Safari is open source, they can put Claude to work on it any time they want.

runjake · 2026-03-06T17:04:25 1772816665

Here's a rough break down, formatted best I can for HN:

  Safari (closed source)
   ├─ UI / tabs / preferences
   ├─ macOS / iOS integration
   └─ WebKit framework (open source) ~60%
        ├─ WebCore (HTML/CSS/DOM)
        ├─ JavaScriptCore (JS engine)
        └─ Web Inspector

hu3 · 2026-03-06T15:58:12 1772812692

There's much more to a browser than JS engine.

They picked to most open-source one.

SahAssar · 2026-03-06T16:51:52 1772815912

WebKit is not open source?

Sure there are closed source parts of Safari, but I'd guess at least 90% of safari attack surface is in WebKit and it's parts.

Normal_gaussian · 2026-03-06T17:17:56 1772817476

In many cases, the difference between a bug and an attack vector lies in the closed source areas.

This is going to be the case automating attack detection against most programs where a portion is obscured.

rs_rs_rs_rs_rs · 2026-03-06T18:22:17 1772821337

>In many cases, the difference between a bug and an attack vector lies in the closed source areas.

You say many cases, let's see some examples in Safari.

dwaite · 2026-03-06T17:57:29 1772819849

However, Firefox also needs to use the closed source OS when running on Windows or macOS.

There are also WebKit-based Linux browsers, which obviously do not use closed-source OS interfaces.

My pessimistic guess on reasoning is that they suspected Firefox to have more tech debt.

g947o · 2026-03-06T17:21:49 1772817709

Apple is not the kind of company that typically does these things, even if the entire Safari is open source.