The... propaganda? PoC exploits demonstrating full device takeover by sending an image file are propaganda? What would a real security vulnerability that's not propaganda look like?

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

▲

userbinator 2 days ago | parent [-]

libwebp, a Google-originated format... how convenient.

via a crafted HTML page

Don't forget that the majority if not all exploits will use something like JS to obfuscate their existence and frustrate analysis.

Also remember the famous sayings "Those who give up freedom for security deserve neither" and "Live free or die". Accepting the insecurity, because freedom cannot exist without it, is also important.

▲

davidcbc 2 days ago | parent | next [-]

That's a common misquote

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety"

The extra words are important

	▲	rightbyte 2 days ago \| parent [-]
		"a little temporary" is key. Also the background context of arguing for taxing the rich instead of making them aristocrats.

▲

chowells 2 days ago | parent | prev [-]

No, really. I asked a specific question. What would a vulnerability that's not propaganda look like? Please explain how to distinguish between propaganda and non-popaganda vulnerabilities. I need to be able to distinguish between them for myself.