ELI5: How are zero-click exploits even possible?


Like, if nobody “asks” a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it, etc., but without anybody “authorizing” anything, how does the kernel allow the code to be run by the CPU, etc.?

**EDIT** I am talking about forced-entry zero-click software like the one Pegasus created for iPhones.


20 Answers

Anonymous 0 Comments

This can only happen with a major flaw in the operating system and software running on the computer. And it’s not usually “just” a download of a nasty file that somehow runs itself. It would require a combination of a flaw in a web browser, for example, to both download and trigger the file to run. For example, if you open a link to a Zoom meeting you will usually get a pop-up that asks “do you want to use the Zoom application to open this link?” So on one hand, you have a layer of security there; on the other hand, your web browser is able to send instructions to other applications, so you can imagine there is some potential for abuse if that browser doesn’t do this check properly and just passes off instructions to another program.

And you can imagine the OS itself could similarly have flaws, though the details would be different. None of this can just run without your consent… if the system is working properly according to modern security standards. But sometimes systems don’t work properly according to modern security standards.

It would be quite rare to be struck by one of these vulnerabilities as these are the types of issues that get lots of attention and have security updates released to fix them ASAP.

On the other hand if you don’t keep both your OS and software up to date the chance for problems is higher…
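The Zoom pop-up check described in the answer above, modelled as an added example (it is not part of the original answer and is not any real browser's code). The handler registry, function names, sample link and the user-gesture rule are all assumptions made for this sketch.

```javascript
// Toy model of a browser deciding whether to hand a link to another app.
// Every name here is hypothetical; the registry is constructed sample data.
const HANDLERS = new Map([
  ["zoommtg", "Zoom"],
  ["mailto", "Mail"],
]);

// Schemes the browser renders itself, so no hand-off happens.
const INTERNAL = new Set(["http", "https"]);

// Flawed dispatcher: any registered scheme goes straight to the other app.
// This is the "doesn't do this check properly" case: nobody is asked.
function dispatchFlawed(link) {
  const url = new URL(link);
  const scheme = url.protocol.slice(0, -1); // "zoommtg:" -> "zoommtg"
  if (INTERNAL.has(scheme)) return { action: "render" };
  const app = HANDLERS.get(scheme);
  return app ? { action: "launch", app } : { action: "block" };
}

// Checked dispatcher: an external launch needs a real user gesture (assumed
// rule for this sketch) and an explicit "yes" to the confirmation prompt.
function dispatchChecked(link, { userGesture, confirm }) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { action: "block", reason: "unparseable" };
  }
  const scheme = url.protocol.slice(0, -1);
  if (INTERNAL.has(scheme)) return { action: "render" };
  const app = HANDLERS.get(scheme);
  if (!app) return { action: "block", reason: "no handler" };
  if (!userGesture) return { action: "block", reason: "no user gesture" };
  if (!confirm(app, url.href)) return { action: "block", reason: "declined" };
  return { action: "launch", app };
}

// Constructed link, as if a page navigated to it by script with no click.
const SAMPLE = "zoommtg://example.invalid/join?confno=0000";
const scripted = { userGesture: false, confirm: () => true };
console.log("flawed :", dispatchFlawed(SAMPLE));            // launches silently
console.log("checked:", dispatchChecked(SAMPLE, scripted)); // blocked
```

The two dispatchers differ only in the consent checks, which is the layer the answer says must not be skipped when one program passes instructions to another.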
