From the lead developer: Code that doesn't get executed cannot be exploited. It's true that, when exploiting a vulnerability (in reachable code), you can take advantage of everything loaded into the program memory to take control of the execution, including unreachable code. But you're assuming there's a prior critical vulnerability in Molly that allows to alter execution flow in the first place
Another comment from them: Also consider that Whatsapp and iMessage were exploited by flaws in the multimedia libraries. Should we remove image and video sharing in messaging apps?
aexiruch@lemmy.ml 2 years ago
Disabled != Not even in the binary. Buffer overflows regularly lead to executing "disabled" (read: behind an "if" statement) code.
Seb3thehacker@lemmy.ml 2 years ago
From the lead developer: Code that doesn't get executed cannot be exploited. It's true that, when exploiting a vulnerability (in reachable code), you can take advantage of everything loaded into the program memory to take control of the execution, including unreachable code. But you're assuming there's a prior critical vulnerability in Molly that allows to alter execution flow in the first place
Seb3thehacker@lemmy.ml 2 years ago
Another comment from them: Also consider that Whatsapp and iMessage were exploited by flaws in the multimedia libraries. Should we remove image and video sharing in messaging apps?
Yujiri@lemmy.ml 2 years ago
Posting these two comments again and again will not make the arguments against them disappear.