Sretto
1/4/22 11:43AM
Happy new year to developers of messaging apps/applications! Happy new year to everyone else!
I recently went over a few media reports on software vulnerabilities. I feel I can see one pattern: on-device pre-processing of attachments in messages causes vulnerabilities in file processing software to be exploited by malicious attachments. Many attachments in the messages are not even opened by users in their lifetimes, yet many messaging apps/applications choose to pre-process the attachments in the messages on user's device in order to understand what kind of attachments they are. This pre-processing involves many file processing software components which might contain vulnerabilities. If attachment processing occurs only after user opens an attachment, exploitation of potential vulnerabilities in the attachment processing software without any user interactions would be avoided.
About Us|Corporate Responsibility|Contact|Advertising Program
Sretto Home
© 2026 Sretto