We're creating IOsurfaces with the "global" attribute, which means that any app on Mac can access their contents. We should switch to using mach_ports, which would be transported via IPC on a secure side-band.
Created attachment 170420 [details] Patch
Comment on attachment 170420 [details] Patch Clearing flags on attachment: 170420 Committed r132389: <http://trac.webkit.org/changeset/132389>
All reviewed patches have been landed. Closing bug.