[coldtea]

Yeah, let's stick with raw C/C++, that would be much safer...

Or maybe let's use some research language made by Wirth, and get access to all 10 of packages and 5 devs worldwide using it :-)

[pjmlp]

For starters, leave it on the browser.

I didn't mention any programming language.

[gitweb]

Telegram Desktop is a cross-platform C++ app. What similar remote code execution exploit has existed in the wild for it?

[coldtea]

The exact same kind of RCE?

https://securelist.com/zero-day-vulnerability-in-telegram/83...

and others...

https://www.notebookcheck.net/Researchers-at-Symantec-discov...

[gitweb]

One of them requires the user to click run on a file, much like running an EXE. The other, simply saves potentially malicious data to external storage which would then have to be run by a separate malicious third-party app. This are far from RCE exploits that execute immediately without poor user decision making, and Rust is not impervious to security exploits similar to these.

[untog]

C'mon. Just because there is one C++ app without remote exploits doesn't mean all C++ apps are immune.

[valand]

FYI it's not just PL that factors into security. The engineers, for example.