tacit, I'm wondering if you missed the question I posed in my original response to this post, namely, which, if any, of your three "how-they-do-its" is of the nature that it can be prevented by an existing or future Apple Security Update?
Or, on the other hand, are they all simply "user beware" type threats?
(I'm trying to put your post into perspective with the rest of the discussion.)
That's hardly the point, nor does it belong in this iPad thread (as presented).
If we both visit some page and click on some link which contains code exploiting some vulnerability for which my OS/browser has been patched and yours hasn't... then your computer will crash (or whatever), and mine won't. It's really really really simple: known weaknesses get patched... and there is zero wisdom involved in not updating. We could argue about whether or not that page actually exists and whether or not we might actually click that link, and conclude that it probably won't ever happen (and so the extra security may not be needed "necessarily")... but that's not a very meaningful discussion.
edit: note that —on those 3 pages there —the phrase“arbitrary code executionâ€is a euphemism which (more often than not) actually means a cleverly crafted script could run (likely with root privileges, and thus do whatever it wants to).
