How many of the NSO Group remote exploits are just flavors of “iMessage parsing is a disaster”, I wonder.https://twitter.com/hkashfi/status/1156475870107844608?s=21 …
If the CFF parser had been implemented in a memory safe language, this wouldn’t have been exploitable as you would get an array bounds check exception.
-
-
Yes, that’s why I consider memory safety a fix here versus LangSec, which I understand to more oriented around the parsing.
-
You need both if you value both correctness and memory safety.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.