ELI5: How are zero-click exploits even possible?


Like if nobody “asks” a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it etc., but without anybody “authorizing” anything, how does the kernel allow the code to be run by the CPU etc.?

**EDIT** I am talking about forced entry zero-click software like the one Pegasus created for iPhones.


20 Answers

Anonymous 0 Comments

They’re usually more rare exploits, sometimes as the result of situations where a trusted component has a flaw that causes it to execute data as code.

For example, in the case of a cellular modem flaw from earlier this year (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498), it was found that since the modem is always trusted, it could be possible to craft an exploit that forced a victim’s modem to run code on the system without any restrictions. This could allow a device to be compromised without the user even accepting a phone call.

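The mechanism the answer describes can be shown with a small model, added here as an illustration and not part of the original answer: a component that parses every incoming message automatically, next to a version that validates the sender-supplied length. The message layout, `device_t`, and all function names are hypothetical and constructed for this example; this is not the code behind the modem CVEs above, and it models incoming data overwriting control state rather than real code injection.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NAME_CAP 16            /* space reserved for the payload */
#define HANDLER_SLOT NAME_CAP  /* control byte stored right after it */
/* Constructed device state as one flat array, so the unchecked copy stays
   defined behaviour while still showing data reaching control state. */
typedef struct { uint8_t mem[NAME_CAP + 256]; } device_t;

static int show_caller_id(void) { return 1; } /* intended action */
static int privileged_op(void)  { return 2; } /* never meant to be message-reachable */
static int (*const handlers[])(void) = { show_caller_id, privileged_op };
void device_init(device_t *d) { memset(d->mem, 0, sizeof d->mem); }

static int dispatch(const device_t *d) {
    uint8_t h = d->mem[HANDLER_SLOT];
    return h < 2 ? handlers[h]() : -1;
}

/* Hypothetical message layout: [type:1][len:1][payload:len].
   Both handlers run on every received message, with no user action. */
int handle_msg_unchecked(device_t *d, const uint8_t *msg, size_t n) {
    (void)n;                         /* flaw: received size is ignored */
    memcpy(d->mem, msg + 2, msg[1]); /* flaw: sender-chosen len is trusted */
    return dispatch(d);
}

int handle_msg_checked(device_t *d, const uint8_t *msg, size_t n) {
    if (n < 2) return -1;            /* header must be present */
    size_t len = msg[1];
    if (len > n - 2) return -1;      /* len must fit in what was received */
    if (len > NAME_CAP) return -1;   /* len must fit in the destination */
    memcpy(d->mem, msg + 2, len);
    return dispatch(d);
}

int main(void) {
    /* Constructed message: 16 filler bytes, then one byte landing in HANDLER_SLOT. */
    uint8_t msg[19] = { 0x01, 17 };
    memset(msg + 2, 'A', 16);
    msg[18] = 1;
    device_t d;
    device_init(&d);
    int before = handle_msg_unchecked(&d, msg, sizeof msg); /* privileged_op runs */
    device_init(&d);
    int after = handle_msg_checked(&d, msg, sizeof msg);    /* message rejected */
    return (before == 2 && after == -1) ? 0 : 1;
}
```

Nothing in either handler waits for a tap or a click: receiving the message is the only trigger, which is why the bounds checks in the parser are the control that matters.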