Even software that has been built with secure development procedures may still be vulnerable to attack, due to flaws in the interpreted programming languages it depends on.
IOActive researcher Fernando Arnaboldi revealed at last week’s Black Hat Europe conference that serious flaws in interpreters for five popular programming languages put applications parsed by them at risk.
Arnaboldi found, for example, that Python has “undocumented methods and local environment variables that can be used for OS command execution”.