09-12-2024, 06:13 PM
(09-12-2024, 04:49 PM)TheOldPresbyope Wrote: I've had a few downloaded tracks which contained tons of "useful" metadata such as lyrics which gave me various problems but I'm guessing music files aren't a common attack vector. That could change as soon as the bad guys uncover a related vulnerability in some popular music app, though.
"Trust no string" is, was, and always shall be the motto. I'm amazed at how many software vulnerabilities get reported each year which come down to violation of this principle.
Regards,
Kent
Implementing and testing security mitigation is very complex, expensive and time consuming which is why virtually all software has vulnerabilities. Even the Tech giants with their Trillions $$$ end up with serious vulnerabilities.
I think upcoming 9.1 will at least have some defense against Code and SQL injection and stored XSS but there would need to be some serious attack vector hacking to see what really happens. Maybe someone will become interested.
