Eli5: How are Zero-click exploits even possible?


Like, if nobody "asks" a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it etc., but without anybody "authorizing" anything, how does the kernel allow the code to be run by the CPU etc.?

**EDIT** I am talking about ForcedEntry zero-click software like the one Pegasus created for iPhones.


20 Answers

Anonymous 0 Comments

Lots of these attacks have been targeting the code that OSes use to read the details of things like JPEG images or video files. Decoding the contents of something like a JPEG can be very complex, especially when the code not only has to deal with correctly formatted images, but also ends up with workarounds in it for reading images generated by other code that didn't quite follow the standard exactly.

And complex code like this becomes relatively easy to attack by passing deliberately badly formatted data to it. You find the right combination of bad data that causes the OS code to crash in such a way that it ends up running some of the data in your badly formatted image as code.

You then send this badly formatted image to someone via text/WhatsApp/email etc. When the messaging app wants to show a notification, maybe with the image in it, the OS reads the details of the image and the malicious code gets to run.

To combat this, OSes (especially mobile ones) have been moving code like this into special walled-off areas, so that if someone manages to trigger a bug like this they can't escape and run their code in a context that can cause damage.
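To make the bug class the answer describes concrete, here is an added example (not from the answer above, and not any real codec): a constructed toy "image" format whose header declares its own size. The trusting decoder copies as many bytes as the untrusted header says, which is exactly the kind of defect a malformed file can abuse; the checked decoder validates the declared size against both the destination buffer and the bytes actually present before touching memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy format (an assumption for this example, not a real codec):
   byte 0: width, byte 1: height, bytes 2..: width*height pixel bytes. */
#define MAX_PIXELS 16

typedef struct {
    uint8_t width, height;
    uint8_t pixels[MAX_PIXELS];
} image_t;

/* Trusting decoder: takes the pixel count from the header and copies that
   many bytes. A header that claims more pixels than 'pixels' can hold, or
   more than the file actually contains, makes memcpy run past both. */
int decode_trusting(const uint8_t *buf, size_t len, image_t *out) {
    if (len < 2) return -1;
    out->width = buf[0];
    out->height = buf[1];
    size_t npix = (size_t)out->width * out->height;
    memcpy(out->pixels, buf + 2, npix);   /* no bounds check: the bug */
    return 0;
}

/* Checked decoder: every header-derived value is validated against the
   destination buffer and the input length before any copy. 0 = ok, -1 = reject. */
int decode_checked(const uint8_t *buf, size_t len, image_t *out) {
    if (buf == NULL || out == NULL || len < 2) return -1;
    uint8_t w = buf[0], h = buf[1];
    size_t npix = (size_t)w * h;
    if (npix == 0 || npix > MAX_PIXELS) return -1;   /* declared size vs. buffer */
    if (npix > len - 2) return -1;                   /* declared size vs. bytes present */
    out->width = w;
    out->height = h;
    memcpy(out->pixels, buf + 2, npix);
    return 0;
}

/* Constructed sample files: a well-formed 2x2 image and a malformed one
   whose header claims 40000 pixels but carries only three bytes. */
static const uint8_t good_img[] = { 2, 2, 10, 20, 30, 40 };
static const uint8_t bad_img[]  = { 200, 200, 1, 2, 3 };

/* Returns 1 when the checked decoder accepts the good file (with the right
   pixel data) and rejects the malformed one, 0 otherwise. */
int demo(void) {
    image_t img;
    int ok  = decode_checked(good_img, sizeof good_img, &img) == 0 && img.pixels[3] == 40;
    int rej = decode_checked(bad_img, sizeof bad_img, &img) != 0;
    return ok && rej;
}
```

The sandboxing the answer mentions is the second layer: even when a decoder still has a defect like decode_trusting, running it in a walled-off process limits what a crash there can reach.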
