The novel Daemon is frequently praised for being realistic in its portrayal rather than just mashing buzzwords.
However, this struck me as unrealistic:
Gragg's e-mail contained a poisoned JPEG of the brokerage logo. JPEGs were compressed image files. When the user viewed the e-mail, the operating system ran a decompression algorithm to render the graphic on-screen; it was this decompression algorithm that executed Gragg's malicious script and let him slip inside the user's system—granting him full access. There was a patch available for the decompression flaw, but older, rich folks typically had no clue about security patches.
Is there such a thing? Is this description based on some real exploit?
This was published in December 2006.
Is it sensible to say "the operating system" was decompressing the image to render it?
Note this has nothing to do with security of PHP image uploading scripts. I'm asking about the decoding process of displaying a JPEG, not scripts taking input from remote users, nor files misnamed as .jpeg. The duplicate flagging I'm responding to looks poor even for a buzzword match; really nothing alike other than mentioning image files.