• brvslvrnst
    link
    fedilink
    English
    15
    edit-2
    4 months ago

    I mean… You have to explicitly hit “open”, and it requires you to do so? This is like saying email has a vulnerability because it lets* me open files sent there?

    I get what they are after, but this is a stretch.

      • brvslvrnst
        link
        fedilink
        English
        34 months ago

        Starts getting into demarcation land at that point, because the OS defines what files are opened in which program. Just saving makes sense as a compromise though!

        • Pissipissini Johnson 🩵! :D
          link
          fedilink
          English
          34 months ago

          Right, but they could define a special behaviour so it doesn’t immediately run a script you click on. It is kinda your fault if you get got by this, but it would be a bit more secure with mitigations in place.