Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yeah, let's stick with raw C/C++, that would be much safer...

Or maybe let's use some research language made by Wirth, and get access to all 10 of packages and 5 devs worldwide using it :-)



For starters, leave it on the browser.

I didn't mention any programming language.


Telegram Desktop is a cross-platform C++ app. What similar remote code execution exploit has existed in the wild for it?


The exact same kind of RCE?

https://securelist.com/zero-day-vulnerability-in-telegram/83...

and others...

https://www.notebookcheck.net/Researchers-at-Symantec-discov...


One of them requires the user to click run on a file, much like running an EXE. The other, simply saves potentially malicious data to external storage which would then have to be run by a separate malicious third-party app. This are far from RCE exploits that execute immediately without poor user decision making, and Rust is not impervious to security exploits similar to these.


C'mon. Just because there is one C++ app without remote exploits doesn't mean all C++ apps are immune.


FYI it's not just PL that factors into security. The engineers, for example.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: