|
|
|
|
|
|
by saiya-jin
1114 days ago
|
|
|
Even if it would be a simple text message (which its not for iphone), it triggers a text parser at minimum. That parser can have carious bugs in it, ie if parser checks phone contacts to highlight phone number in text as a known contact, identifies some weblink etc. To sum it up to have it as fancy as possible to users it checks various things and needs permissions for that. Enough 0days in the chain and you can do whatever you need. This is the problem of closed systems, you have to trust manufacturer 100%, there is no independent audit possible. And if you ever did any serious code before, you know by heart that any code has bugs, in the code, in platform/VM it runs, apis etc. |
|
|