• fartsparkles
    link
    fedilink
    arrow-up
    44
    arrow-down
    2
    ·
    edit-2
    1 year ago

    It’s literally been 3 days since Android had a vulnerability of this exact nature: remote code execution with zero user interaction required (CVE-2023-35674).

    Every piece of software has vulnerabilities lurking within. What matters is the velocity at which vendors address and resolve those vulnerabilities. Apple and Google are both exemplary at getting patches out quickly.

    • planish
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      Every piece of software has vulnerabilities lurking within.

      Remind me why we put up with this again? Formal verification does exist.

      • fartsparkles
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Formal Verification doesn’t guarantee that the code is free of vulnerability, it just increases confidence in its security. It’s never perfect.