Eli5: How are Zero-click exploits even possible?


Like, if nobody "asks" a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it, etc., but without anybody "authorizing" anything, how does the kernel allow the code to be run by the CPU, etc.?

**EDIT** I am talking about forced-entry zero-click software like the one Pegasus created for iPhones.


20 Answers

Anonymous

A PDF file is probably easiest to understand here.

The PDF specification says a document can contain JavaScript code, to do stuff when you open the document.

Your email client on your phone probably opens PDF documents automatically, to save you the step of getting an email and then opening the PDF, which you're going to do anyway.

So someone figures this out and creates some malicious JavaScript that says "steal all the emails on this phone". They then email it to you, and as soon as you read the email, the "zero click" happens without you having done anything.

Then a security person figures this method out, and people implement fixes (like not running JavaScript automatically from emails) so it doesn't happen again.

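The answer above describes a PDF whose embedded JavaScript runs the moment a viewer opens it. The following is an added example, not the answerer's code: a small Python scanner that looks for the PDF dictionary keys that trigger an action without a click (`/OpenAction`, `/AA`) and the action types they usually point at (`/JavaScript`, `/JS`, `/Launch`). It undoes the `#xx` escapes PDF allows inside names (so `/J#61vaScript` still counts) and inflates `/FlateDecode` streams, because object streams are the usual place those keys hide from a plain `grep`. The sample PDFs are constructed inline for the demo; they omit the xref table (the scanner never needs it) and carry a placeholder `app.alert(1)` rather than any real payload. `AUTO_EXEC_NAMES`, `is_suspicious` and `build_sample` are this example's own names, not anything from a PDF library.

```python
"""Scan a PDF for actions that fire on open, with no click (added example)."""
import re
import zlib

# Keys that mean "do something on open" plus the action types reachable from
# them. Presence is an indicator for triage, not proof of malice.
AUTO_EXEC_NAMES = {"OpenAction", "AA", "JavaScript", "JS", "Launch"}

_NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")      # one PDF name token
_HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")       # #xx escape inside a name
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is recognised as JavaScript."""
    return _HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def inflated_streams(data: bytes):
    """Yield the inflated body of every Flate-compressed stream. Uncompressed
    streams are already visible in `data`, so they are skipped here."""
    for m in _STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for every auto-execute name found in the raw file
    and inside inflated streams (object streams can hide the catalog there)."""
    found = {}
    for blob in (data, *inflated_streams(data)):
        for m in _NAME_RE.finditer(blob):
            name = decode_name(m.group(1))
            if name in AUTO_EXEC_NAMES:
                found[name] = found.get(name, 0) + 1
    return found


def is_suspicious(data: bytes) -> bool:
    """Heuristic (this example's own rule): an open-time trigger AND something
    that runs code or launches a program."""
    hits = set(scan_pdf(data))
    return bool(hits & {"OpenAction", "AA"}) and bool(hits & {"JavaScript", "JS", "Launch"})


def build_sample(open_action, hide_in_objstm: bool = False) -> bytes:
    """Constructed sample PDF. `open_action` is an action dictionary (bytes)
    placed under /OpenAction, or None for a benign document."""
    catalog = b"<< /Type /Catalog /Pages 2 0 R"
    if open_action is not None:
        catalog += b" /OpenAction " + open_action
    catalog += b" >>"
    if hide_in_objstm:
        # Catalog lives inside a Flate-compressed object stream, so the raw
        # bytes contain no /OpenAction or /JavaScript for a naive scan to find.
        payload = zlib.compress(b"1 0 " + catalog)   # "objnum offset" header, then the object
        objs = (b"3 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode "
                b"/Length %d >>\nstream\n" % len(payload)
                + payload + b"\nendstream\nendobj\n")
    else:
        objs = b"1 0 obj " + catalog + b" endobj\n"
    objs += b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    return b"%PDF-1.7\n" + objs + b"trailer << /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    samples = {
        "benign": build_sample(None),
        "js on open": build_sample(b"<< /S /JavaScript /JS (app.alert(1)) >>"),
        "hex-escaped name": build_sample(b"<< /S /J#61vaScript /JS (app.alert(1)) >>"),
        "hidden in object stream": build_sample(b"<< /S /Launch /F (calc.exe) >>", hide_in_objstm=True),
    }
    for label, pdf in samples.items():
        print(f"{label:24s} {scan_pdf(pdf)}  suspicious={is_suspicious(pdf)}")
```

`is_suspicious` is a triage rule, not a verdict: interactive forms legitimately use `/AA` and `/JS`, and a real pipeline would walk the object graph from `/Root` rather than keyword-match the whole file. Note also that the Pegasus case the question names did not depend on scripted actions at all; FORCEDENTRY exploited a memory-safety bug in the PDF image (JBIG2) decoder, so a keyword scan like this would not have caught it.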