undefined | Better HN

0 pointsviro5y ago0 comments

This is NOT a RCE. Would you like me to list all of the software that does this exact thing? Chrome, Brave, Discord are some of the biggest. Nearly all electron based apps that autoupdate.

0 comments

sneak5y ago

You forgot the Creative Cloud, iOS (autoupdates on by default), and the Play Store.

Those are RCE vulnerabilities, as well. Platform vendors love being able to execute whatever they like on the advertising consumption devices that don't belong to them.

Just because it feels like a different thing because it's the vendor (only in theory - TAO would like to have a word with you) doesn't make it any less a vulnerability, or any less an RCE by the strict definition. Installing the client is equivalent to installing a RAT onto your machine: it can be remotely controlled to execute any code or tools the other end wants.

viroOP5y ago

Thats not how the definition of RCE works. Under your silly logic every piece of server/client software is a "RAT". To be honest I feel like you're trying to speed run ur way to the Attrition Hall of Charlatans

j / k navigate · click thread line to collapse

0 comments

sneak5y ago

You forgot the Creative Cloud, iOS (autoupdates on by default), and the Play Store.

Those are RCE vulnerabilities, as well. Platform vendors love being able to execute whatever they like on the advertising consumption devices that don't belong to them.

viroOP5y ago

j / k navigate · click thread line to collapse