Eli5: How are Zero-click exploits even possible?


Like if nobody “asks” a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it etc., but without anybody “authorizing” anything, how does the kernel allow the code to be run by the CPU etc.?

**EDIT** I am talking about forced-entry zero-click software like the one Pegasus created for iPhones.


20 Answers

Anonymous 0 Comments

Computers do lots of things without the user explicitly instructing them to. When you open a folder in File Explorer, did you tell Windows to generate thumbnails for the image files in the folder? No, but it does it anyway, because that’s how Windows was coded.

When you enter a URL, did you explicitly tell your browser to retrieve a JavaScript file from another web server and execute its contents? No, but your browser does it anyway, because its developers and the HTML for the website told it to.

Do you constantly open your phone and tell it to check for new SMS messages? No, but it will do it anyway, because a phone that doesn’t automatically notify you of new messages is pretty useless for most people today.

All of these functions are implemented by software, and like any software they can have security vulnerabilities that might be exploited by malicious actors. In many cases these kinds of exploits are worse, because the underlying feature is often something that has low-level access to the system, or is coded with certain assumptions about the data and may not verify it like it would with user input.
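The answer's last point, a handler that runs automatically and trusts what the sender says about the data, shown as an added example that is not part of the original answer. The one-byte-length message format, the function names and the sample messages are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREVIEW_MAX 16

/* Constructed wire format (an assumption for this example):
 *   byte 0 = payload length declared by the sender, bytes 1.. = payload.
 * on_message_* stands in for code the OS runs on arrival, before any tap. */

/* Trusting version: believes the sender's length byte. A declared length
 * above PREVIEW_MAX writes past `preview`; one above the bytes actually
 * received reads past `msg`. Both are memory corruption with no user action. */
int on_message_trusting(const uint8_t *msg, size_t msg_len,
                        char preview[PREVIEW_MAX + 1])
{
    (void)msg_len;                    /* never consulted: this is the bug */
    uint8_t declared = msg[0];
    memcpy(preview, msg + 1, declared);
    preview[declared] = '\0';
    return declared;
}

/* Checked version: the length byte is only a claim until it is compared with
 * what was received and with the destination size. Returns -1 on rejection. */
int on_message_checked(const uint8_t *msg, size_t msg_len,
                       char preview[PREVIEW_MAX + 1])
{
    if (msg == NULL || msg_len < 1) return -1;
    size_t declared = msg[0];
    if (declared > msg_len - 1) return -1;   /* claims more than was sent */
    if (declared > PREVIEW_MAX) return -1;   /* would not fit in preview  */
    memcpy(preview, msg + 1, declared);
    preview[declared] = '\0';
    return (int)declared;
}

/* Constructed sample messages. */
static const uint8_t SAMPLE_OK[]    = {5, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t SAMPLE_LYING[] = {200, 'h', 'i'};  /* claims 200, sends 2 */

int main(void)
{
    char preview[PREVIEW_MAX + 1];
    printf("ok:    %d\n", on_message_checked(SAMPLE_OK, sizeof SAMPLE_OK, preview));
    printf("lying: %d\n", on_message_checked(SAMPLE_LYING, sizeof SAMPLE_LYING, preview));
    return 0;
}
```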
