[kasabali]

> CVE-2025-43529 allows threat actors a direct code execution capability, while CVE-2025-14174 provides the much needed sandbox escape and privilege escalation capabilities which makes it devastating

Good news for people wanting to run the code they want on their own devices?

[alephnerd]

Yep! It's good for jailbreaking, but it's a double edged sword because it's a similar approach that offensive actors use.

Most users lack the domain experience needed to protect and maintain hygiene against threat actors.

[red-iron-pine]

you and your friends can both run code on your device!

this assumes your friends are actually a North Korean APT