• brvslvrnst@lemmy.ml
    link
    fedilink
    English
    arrow-up
    18
    ·
    edit-2
    4 months ago

    I mean… You have to explicitly hit “open”, and it requires you to do so? This is like saying email has a vulnerability because it lets* me open files sent there?

    I get what they are after, but this is a stretch.

      • brvslvrnst@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 months ago

        Starts getting into demarcation land at that point, because the OS defines what files are opened in which program. Just saving makes sense as a compromise though!

        • Pissipissini Johnson 🩵! :D@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          Right, but they could define a special behaviour so it doesn’t immediately run a script you click on. It is kinda your fault if you get got by this, but it would be a bit more secure with mitigations in place.