Eli5: How are Zero-click exploits even possible?


Like, if nobody “asks” a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it, etc., but without anybody “authorizing” anything, how does the kernel allow the code to be run by the CPU, etc.?

**EDIT** I am talking about forced-entry zero-click software like the one Pegasus created for iPhones.


20 Answers

Anonymous

There are a lot of cases where, when a message gets sent to you, your device performs certain types of processing automatically before you even get notified of the message or interact with it at all. If you get a message with an attachment that might be an image or video, for example, your device might attempt to process it before it creates a notification so that the notification can contain a preview of it. In the process of doing that, it must determine that it’s a photo, what format it’s in, what size it is, and process it to scale it down and create a tiny version in the right format to be shown in a notification.

If you can generate a malicious attachment to a message that exploits a flaw in some of that early processing code, you can get your malicious code to run before the user even gets notified that they got a message, much less has to interact with it. It’s a very handy trick, but harder to pull off, since the level of processing that happens at this stage is pretty limited.

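The pre-notification attachment processing the answer above describes, as an added example that is not part of this thread: a constructed toy image format and a preview path that checks every header field against the bytes that actually arrived before any pixel is read. The format, the limits and the function names are assumptions made for illustration, not any real messenger's code.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed toy attachment format (an assumption, not a real one):
 *   bytes 0-3 : magic "IMG1"
 *   bytes 4-5 : width  (big-endian u16)
 *   bytes 6-7 : height (big-endian u16)
 *   bytes 8.. : width*height grayscale pixels, one byte each */
#define HDR_LEN 8
#define MAX_DIM 4096   /* largest dimension the preview path is willing to touch */
#define THUMB   8      /* the notification preview is always THUMB x THUMB */

struct img { uint16_t w, h; const uint8_t *px; };

/* The message arrives unasked, so every field is untrusted: a malformed
 * attachment is dropped here, before allocation or pixel access happens. */
int preview_parse(const uint8_t *buf, size_t len, struct img *out) {
    if (len < HDR_LEN || memcmp(buf, "IMG1", 4) != 0) return -1;
    uint16_t w = (uint16_t)(buf[4] << 8 | buf[5]);
    uint16_t h = (uint16_t)(buf[6] << 8 | buf[7]);
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -1;
    size_t need = (size_t)w * (size_t)h;       /* bounded by MAX_DIM^2, no overflow */
    if (len - HDR_LEN != need) return -1;      /* declared size must match what arrived */
    out->w = w; out->h = h; out->px = buf + HDR_LEN;
    return 0;
}

/* Nearest-neighbour downscale; every index derives only from validated w/h. */
void preview_thumbnail(const struct img *im, uint8_t thumb[THUMB * THUMB]) {
    for (int ty = 0; ty < THUMB; ty++)
        for (int tx = 0; tx < THUMB; tx++) {
            size_t sx = (size_t)tx * im->w / THUMB;
            size_t sy = (size_t)ty * im->h / THUMB;
            thumb[ty * THUMB + tx] = im->px[sy * im->w + sx];
        }
}

/* Constructed sample: a 16x16 image whose pixels hold their row number.
 * tamper 0 = honest message, 1 = payload shorter than the header claims,
 * 2 = header claims a 65535-pixel-wide image. Returns -1 if rejected,
 * otherwise the last pixel of the generated preview. */
int sample_run(int tamper) {
    static uint8_t buf[HDR_LEN + 16 * 16];
    memcpy(buf, "IMG1", 4);
    buf[4] = 0; buf[5] = 16; buf[6] = 0; buf[7] = 16;
    for (int y = 0; y < 16; y++)
        for (int x = 0; x < 16; x++) buf[HDR_LEN + y * 16 + x] = (uint8_t)y;
    size_t len = sizeof buf;
    if (tamper == 1) len -= 10;
    if (tamper == 2) { buf[4] = 0xff; buf[5] = 0xff; }
    struct img im;
    if (preview_parse(buf, len, &im) != 0) return -1;
    uint8_t t[THUMB * THUMB];
    preview_thumbnail(&im, t);
    return t[THUMB * THUMB - 1];   /* row 14 of the source lands in the last cell */
}
```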