From the short description in the article we know that the bug is somewhere in the default video codec paths. (Triggerable by embedded and automatically processed video file.) Of course that doesn't tell much, since the potential attack surface is a big one.
I wouldn't rule out browser as attack vector but I do think the heavy sandboxing at least limits damage and scope. As the article points out, messaging apps are in a different class.
Will be interesting to see how this develops. And because the vulnerability is in the system libraries, any app that can deliver video content may be used as an attack vector.
I wouldn't rule out browser as attack vector but I do think the heavy sandboxing at least limits damage and scope. As the article points out, messaging apps are in a different class.
Will be interesting to see how this develops. And because the vulnerability is in the system libraries, any app that can deliver video content may be used as an attack vector.