But malware wrapped as video (or any other doc or media format) still needs to be executed, right? So if you don’t give that file execute permission (which Linux doesn’t give by default) and open it through media player or something, could said potential malware still run? I thought it couldn’t unless the player itself is vulnerable
no, these things would try to exploit the program that read them.
it’s not a likely attack vector, you need both a malware file, and the right program trying to read it. it might not also be transferrable across different os.
But malware wrapped as video (or any other doc or media format) still needs to be executed, right? So if you don’t give that file execute permission (which Linux doesn’t give by default) and open it through media player or something, could said potential malware still run? I thought it couldn’t unless the player itself is vulnerable
no, these things would try to exploit the program that read them.
it’s not a likely attack vector, you need both a malware file, and the right program trying to read it. it might not also be transferrable across different os.
so yes, it needs a media player to attack. https://nvd.nist.gov/vuln/detail/CVE-2021-25801 this one f.ex