> Haven't we learned our lesson on this?
What is the purported lesson we should have learned? Users choose phones with rich messaging features. This was a major selling point for iPhone, first, with iMessage, and later with Android until iOS caught up with RCS.
Well, one could argue that the lesson from CVE-2017-0780[1] should've been "don't automatically decode rich messages from untrusted sources".
[1]: https://www.trendmicro.com/en_us/research/17/i/cve-2017-0780...
Where are users being given an actual choice? There is no option for "iPhone without these features", and I would wager that it has 0 bearing on anyone's decision to purchase a new iPhone.
Didn't Android switch their codec stack to Rust?
> What is the purported lesson we should have learned?
Not to automatically execute things within data that we have been sent.
One of the things Apple's Lockdown mode does is disable previews of images or links that are sent to you.
It seems like the lesson is that you shouldn't be processing data sent to the device by random strangers without the user explicitly choosing to open the file or follow the link.