• computergeek125@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    10 months ago

    As an IT Engineer this concept frankly terrified me and feels like your opening yourself up to a potential zero click attack - such as https://threatpost.com/apple-mail-zero-click-security-vulnerability/165238/

    So my initial answer is an emphatic “please do not the ZIP”. It could be as mundane as a ZIP bomb, or it could explain a vulnerability in the operating system or automatic extraction program. Having a human required to open the ZIP prior to its expansion reduces its attack surface area somewhat (but not eliminates it) because it allows the human to go “huh this ZIP looks funny” if something is off, rather than just dispatching an automated task.

    With that out of the way - what’s your use case with this? There has to be a specific reason your interested in saving a few clips here on one highly specific archive format, but not others like the tar unix archive, 7z, or RAR.

    • maness300@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      14
      ·
      9 months ago

      I didn’t read your response beyond the first sentence.

      If Apple can do this, why can’t we?

      • computergeek125@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        9 months ago

        I do not have an answer for that. But if you only plan to read one part of my answer I would suggest reading the last sentence of my response instead of the first. Can’t help you if you don’t tell me what’s wrong.