One of the things Apple's Lockdown mode does is disable previews of images or links that are sent to you.
replyIt seems like the lesson is that you shouldn't be processing data sent to the device by random strangers without the user explicitly choosing to open the file or follow the link.
That should be the default behavior, not a special lock down option that also disables other features.
replyWhy can't they just make it like most email clients? No preview by default, give a banner with an option to explicitly allow a preview for that specific message or conversation?
Well, one could argue that the lesson from CVE-2017-0780[1] should've been "don't automatically decode rich messages from untrusted sources".
reply[1]: https://www.trendmicro.com/en_us/research/17/i/cve-2017-0780...
Where are users being given an actual choice? There is no option for "iphone without these features", and I would wager that it has 0 bearing on anyone's decision to purchase a new iphone
reply> What is the purported lesson we should have learned?
replyNot to automatically execute things within data that we have been sent.
I think it's "don't use parsers written in unsafe languages".
replyI think it's simpler: don't touch untrusted content unless/until you need to.
reply