It's not really possible to prevent that. E.g. a well crafted image can easily t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		throwaway53453 on March 27, 2021 \| parent \| context \| favorite \| on: Chrome’s address bar will use https:// by default It's not really possible to prevent that. E.g. a well crafted image can easily trigger an RCE on some older versions of Android: https://nakedsecurity.sophos.com/2019/02/08/android-vulnerab... Issues like this exist at all layers of the stack, so anything touching the internet needs regular security patches.

Wowfunhappy on March 28, 2021 [–]

I agree completely. But, I also think that in most cases, if a simplistic piece of software like an IM app needs a security patch every three months, regularly, it's a sign the attack surface is too large.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact