nine_k, 4 hours ago

TrueType and OpenType fonts include code executed by a VM to even render them. This wasn't a viable source of attacks so far, due to the properly limited nature of the VMs. Maybe I would pick the eBPF VM instead, with all its limiting and verifying mechanics.
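An added illustration of what "properly limited" has to mean for a glyph-program VM (this is not code from the commenter or from any font engine): a toy interpreter for a small subset of the TrueType instruction set, using the real opcode values for PUSHB, DUP, POP, CLEAR, SWAP, DEPTH, WS, RS, ADD, SUB, ABS and NEG, that validates every operand fetch, stack access and storage-area index before touching memory and caps the instruction count. F26Dot6 fixed-point arithmetic, the graphics state and all control-flow instructions are left out; the function names, limits and sample programs are constructed for the example.

```python
"""Toy bounds-checked interpreter for a subset of the TrueType glyph-program
instruction set. Opcode values are the real TrueType ones; everything else
(limits, helper names, sample programs) is constructed for this example."""

# Real TrueType opcode values for the handful of instructions modelled here.
OP_DUP, OP_POP, OP_CLEAR, OP_SWAP, OP_DEPTH = 0x20, 0x21, 0x22, 0x23, 0x24
OP_WS, OP_RS = 0x42, 0x43              # write / read the storage area
OP_ADD, OP_SUB, OP_ABS, OP_NEG = 0x60, 0x61, 0x64, 0x65
OP_PUSHB0 = 0xB0                       # PUSHB[n] = 0xB0 + n pushes n+1 bytes


class FontVMError(Exception):
    """Raised when a glyph program steps outside the interpreter's limits."""


def run_glyph_program(code, storage_size=8, max_stack=16, max_steps=1000):
    """Execute `code` and return (stack, storage).

    Every access is checked before it happens: operand bytes must exist in
    the program, the stack can neither underflow nor grow past `max_stack`,
    storage indices must lie inside the declared storage area, and execution
    stops after `max_steps` instructions (a budget that matters once jumps
    and loops are added to the subset).
    """
    stack = []
    storage = [0] * storage_size
    pc = 0
    steps = 0

    def pop():
        if not stack:
            raise FontVMError(f"stack underflow at pc={pc}")
        return stack.pop()

    def push(v):
        if len(stack) >= max_stack:
            raise FontVMError(f"stack overflow at pc={pc}")
        stack.append(v)

    def storage_index():
        i = pop()
        if not 0 <= i < storage_size:
            raise FontVMError(f"storage index {i} out of range at pc={pc}")
        return i

    while pc < len(code):
        steps += 1
        if steps > max_steps:
            raise FontVMError("instruction budget exhausted")
        op = code[pc]
        pc += 1
        if OP_PUSHB0 <= op <= OP_PUSHB0 + 7:
            n = op - OP_PUSHB0 + 1
            if pc + n > len(code):                 # operands run past the program
                raise FontVMError(f"truncated PUSHB operands at pc={pc - 1}")
            for b in code[pc:pc + n]:
                push(b)
            pc += n
        elif op == OP_DUP:
            v = pop()
            push(v)
            push(v)
        elif op == OP_POP:
            pop()
        elif op == OP_CLEAR:
            stack.clear()
        elif op == OP_SWAP:
            a, b = pop(), pop()
            push(a)
            push(b)
        elif op == OP_DEPTH:
            push(len(stack))
        elif op == OP_WS:                          # stack: [..., index, value]
            v = pop()
            storage[storage_index()] = v
        elif op == OP_RS:                          # stack: [..., index]
            push(storage[storage_index()])
        elif op in (OP_ADD, OP_SUB):               # TrueType pops e2, then e1
            e2, e1 = pop(), pop()
            push(e1 + e2 if op == OP_ADD else e1 - e2)
        elif op == OP_ABS:
            push(abs(pop()))
        elif op == OP_NEG:
            push(-pop())
        else:
            raise FontVMError(f"unsupported opcode 0x{op:02X} at pc={pc - 1}")
    return stack, storage


# Constructed sample programs (not taken from any real font file).
PROGRAM_OK = bytes([0xB2, 1, 10, 4,    # PUSHB[2] 1 10 4 -> stack [1, 10, 4]
                    OP_SUB,            # 10 - 4          -> [1, 6]
                    OP_WS,             # storage[1] = 6  -> []
                    0xB0, 1,           # PUSHB[0] 1      -> [1]
                    OP_RS])            # read storage[1] -> [6]
PROGRAM_BAD_INDEX = bytes([0xB1, 200, 7, OP_WS])   # storage[200] is outside the area
PROGRAM_UNDERFLOW = bytes([OP_ADD])                 # ADD on an empty stack


def check_program(code, **limits):
    """Return (True, None) if the program stays within limits, else (False, reason)."""
    try:
        run_glyph_program(code, **limits)
        return True, None
    except FontVMError as e:
        return False, str(e)


if __name__ == "__main__":
    print(run_glyph_program(PROGRAM_OK))
    for prog in (PROGRAM_BAD_INDEX, PROGRAM_UNDERFLOW):
        print(check_program(prog))
```

The point of the example is the shape of the checks rather than the instruction coverage: a rasterizer that forgets any one of them (operand length, stack bounds, storage-area index) turns an untrusted font into a read or write primitive, which is exactly the class of bug the Microsoft advisory quoted in this thread describes for a kernel-mode font driver.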
cmiles74, 4 hours ago

https://learn.microsoft.com/en-us/security-updates/SecurityB...

> This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.

> This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section.

> The security update addresses the vulnerability by modifying the way that a Windows kernel-mode driver handles TrueType font files. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
tedd4u, 4 hours ago

There are many documented, exploited-in-the-wild font-file attacks (one example in [1]). Apple is re-writing their font interpreter specifically to improve security. [2]

[1] https://www.bleepingcomputer.com/news/security/facebook-disc...
[2] https://blakecrosley.com/blog/truetype-hinting-swift-migrati...