this post was submitted on 01 Oct 2023
35 points (92.7% liked)

Sync for Lemmy

15144 readers
2 users here now

๐Ÿ‘€


Welcome to Sync for Lemmy!

Download Sync for Lemmy


Welcome to the official Sync for Lemmy community.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Community Rules


1- No advertising or spam.

All types of advertising and spam are restricted in this community.



Community Credits

Artwork and community banner by: @[email protected]


founded 1 year ago
MODERATORS
 

Looks like a massive vulnerability has been discovered, basically affecting any apps with web browsing functionality. Was interested in seeing how this affects Sync (including the old Sync for Reddit app I guess too, which is still being used out there and won't get any needed security patches).

It sounds like a fix should be in the Android OS security patch for October, but not sure if that protects individual apps at risk still

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 11 points 1 year ago (3 children)

Android has its own media player APIs, you just have to tell it what to play and give it a place in the UI for the player canvas. You can even design your own controls for it.

When you open a webpage in Sync, that's an embedded web browser also provided by Android.

It's unlikely that Sync links to libwebp directly.

The Sync for Reddit app isn't usable anymore as it can no longer access the Reddit API. All you get are errors when you try to use it now.

[โ€“] [email protected] 4 points 1 year ago (1 children)

The Sync for Reddit app isn't usable anymore as it can no longer access the Reddit API. All you get are errors when you try to use it now.

There is a ReVanced patch to spoof the current client with a different oAuth token to work around tye API restrictions.

https://revanced.app/patches?pkg=com.laurencedawson.reddit_sync

[โ€“] [email protected] 3 points 1 year ago

Yeah most of the old reddit browsers for Android seem to have a patch like this. Obviously they're no longer intended for use by the developers, but for anyone using them it would probably be good to know whether they will be forever at risk to a vulnerability like this.

load more comments (1 replies)