• fartsparkles
      link
      fedilink
      arrow-up
      44
      arrow-down
      2
      ·
      edit-2
      1 year ago

      It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).

      Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.

      • planish
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        1 year ago

        Every piece of software has vulnerabilities lurking within.

        Remind me why we put up with this again? Formal verification does exist.

        • fartsparkles
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Formal Verification doesn’t guarantee that the code is free of vulnerability, it just increases confidence in its security. It’s never perfect.