undefined | Better HN

0 pointsdns_snek4mo ago0 comments

Does this count?

https://signal.org/blog/cellebrite-vulnerabilities/

> Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed.

But it was a product using a 9 year old ffmpeg build (at the time).

0 comments

brigade4mo ago

I'd still consider that an academic exercise rather than an exploit that was deployed in the real world (aka against a machine the attacker did not control)

renewiltord4mo ago

Yeah, that’s just how life is. We used to run with Heartbleed and Spectre turned off.

hulitu4mo ago

> Does this count?

If Signal relies on ffmpeg to play videos instead of an externall app, i would say it is broken by design.

j / k navigate · click thread line to collapse