In January, the EU is launching bug bounties on Free Software projects to increase the security of the Internet! #FOSSA #bugbounty #35c3 https://juliareda.eu/2018/12/eu-fossa-bug-bounties/ …pic.twitter.com/ftIkp7lemZ
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
I don't think that's a great example given that 1. the bug was fixed; 2. the scenarios under which this is exploitable are super fringe (requiring root to write a configuration file for you pointing to your exploit). I'd question whether to call it a vuln or just an edge-case bug
that's actually the problem with most vuln. when you start debating whether it's a vuln or a fringe case, you lose. My stance is "fix the darn bug, you can always argue later".
You've got two classes of real-life attacks: outdated installations with idiots, and reasonable installations with "perfect storm" scenarios. "Fringe cases" that will lead to a full exploit. Just closing one bug makes things way more difficult to exploit usually.
Oh, let's recall another old example. The openssh # channels int overflow. Where it got discovered at the same time we implemented privsep. Switching to default privsep was a great mitigation, and theo strongly hinted at switching to privsep on linux as well...
... but there was this bug in the linux kernel at the time (file descriptor passing ? I'm not sure) and activating THAT would require an inconvenient bump of the kernel for a lot of commercial distributions.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.