[gitweb]

Telegram Desktop is a cross-platform C++ app. What similar remote code execution exploit has existed in the wild for it?

[coldtea]

The exact same kind of RCE?

https://securelist.com/zero-day-vulnerability-in-telegram/83...

and others...

https://www.notebookcheck.net/Researchers-at-Symantec-discov...

[gitweb]

One of them requires the user to click run on a file, much like running an EXE. The other, simply saves potentially malicious data to external storage which would then have to be run by a separate malicious third-party app. This are far from RCE exploits that execute immediately without poor user decision making, and Rust is not impervious to security exploits similar to these.

[untog]

C'mon. Just because there is one C++ app without remote exploits doesn't mean all C++ apps are immune.

[valand]

FYI it's not just PL that factors into security. The engineers, for example.