Re: Cognitive Bias?
The last round of hacking on Apple's phones managed to find a remote flaw in browser parsing of a simple website, caused by all kinds of things that just shouldn't be possible - not just technically, but procedurally - that allowed a Mac, iPhone and iPad compromise of the browser to illicitly enable the camera.
https://www.ryanpickren.com/webcam-hacking
This included allowing websites to download arbitrary files, then treat those files as trusted local file: or about:, blob: or even data: protocols (!!), letting you load JavaScript from them, thus bypassing security permissions, along the way discovering that domains with .- or -. in their name don't appear in the permissions dialogs, you can do popups and even force a browser password autocomplete, and abuse window history to play clever tricks.
The problem is not the bug you suffer from. The problem is the CLASS of bugs you suffer from. Because they indicate the design of the system, rather than a tiny incidental oversight. It's not an oversight to do the above... it's a completely thoughtless design process. Which is the opposite of security.
As with everything Apple that I've ever touched - design for them means "designer", not good design, not easy-to-use, intuitive, sensible, planned-out, functional, etc.