Re: Mitigation
Haven't looked into the details but presumably one would "exploit the exploit" with a specially crafted image containing some code.
If (huge if) this is already in the wild, it's not impossible that it sends itself to contact lists etc., so "trusted sources" (e.g. family/friends) becomes a meaningless term.