Good points. Could it simply be that someone working on this code at apple have had their computer backdoored, and the attacker snuck in the double goto in their working source dir, just waiting for it to be picked up on the next commit?
I remember reading an article some time ago how facebook played out this exact scenario, even going to such lengths as acquiring a 0day to keep the simulation even more real.
I remember reading an article some time ago how facebook played out this exact scenario, even going to such lengths as acquiring a 0day to keep the simulation even more real.