ELI5: How are zero-click exploits even possible?


Like, if nobody “asks” a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it, etc., but without anybody “authorizing” anything, how does the kernel allow the code to be run by the CPU, etc.?

**EDIT** I am talking about forced-entry zero-click software like the one Pegasus created for iPhones.


20 Answers

Anonymous 0 Comments

Zero-click exploits are quite rare, but usually work by taking advantage of one of the many things that a computer (a browser most of the time) does without you asking it.

Practically every website runs some amount of code to show you the page. Browsers have the task of making sure that code can’t/doesn’t hurt your computer, by doing something called containerization. Browsers often have a few layers of containers: one for the whole browser and another smaller one for each tab. These containers are just programs and can have flaws like any other code, which let certain very specific code ‘break’ the container and access either the other tabs in the browser or break the external container to get at your operating system.

These exploits can make hackers a lot of money and cost everyone else a lot, so companies like Google and Mozilla usually offer “bug bounties,” payment to incentivize people to find these flaws and report them so they can be fixed before malicious actors can exploit them.
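An added example, not part of the original answer: one of the "things a computer does without you asking", shown as a hypothetical messaging app that builds a notification preview the moment a message arrives. The wire format, `preview_on_receive` and the sample messages are constructed for illustration; the two checks are what keep a sender-controlled length field from steering the copy outside its buffers.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PREVIEW_CAP 32  /* size of the notification preview buffer */

/* Constructed wire format (hypothetical, for illustration only):
 *   byte 0      message type (1 = text)
 *   bytes 1..2  declared text length, big-endian, chosen by the sender
 *   bytes 3..   text
 * The app calls this as soon as a message arrives, before the user
 * touches anything. Returns the preview length, or -1 if rejected. */
int preview_on_receive(const uint8_t *msg, size_t msg_len,
                       char out[PREVIEW_CAP])
{
    if (msg == NULL || msg_len < 3 || msg[0] != 1)
        return -1;

    size_t declared = ((size_t)msg[1] << 8) | msg[2];

    /* Check 1: the sender's length field must not exceed the bytes
     * actually received. Without it the copy reads past the message. */
    if (declared > msg_len - 3)
        return -1;

    /* Check 2: the copy must fit the fixed preview buffer. Without it
     * a long message writes past `out` and corrupts adjacent memory,
     * with no click or confirmation from the user involved. */
    size_t n = declared < PREVIEW_CAP - 1 ? declared : PREVIEW_CAP - 1;

    memcpy(out, msg + 3, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample messages. */
static const uint8_t MSG_OK[]  = { 1, 0x00, 0x02, 'h', 'i' };
static const uint8_t MSG_LIE[] = { 1, 0xFF, 0xFF, 'h', 'i' }; /* claims 65535 bytes */

int main(void)
{
    char out[PREVIEW_CAP];
    int ok  = preview_on_receive(MSG_OK, sizeof MSG_OK, out);
    int lie = preview_on_receive(MSG_LIE, sizeof MSG_LIE, out);
    return (ok == 2 && lie == -1) ? 0 : 1;
}
```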
