• The Hobbyist
    link
    fedilink
    English
    arrow-up
    38
    ·
    1 year ago

    At a very high level: the attacker sends a picture which somehow is opened by Apple Wallet and leads to the execution of arbitrary code (this is the vulnerability, in how the wallet parses the picture, allowing for a buffer overflow), deactivation of certain security features and download/execution of the malicious payload.

    • p_q@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      sure apple wallet is requierd for it to work? red it like the image part can come remotely by picture 0click (by link preview archived) or via using the wallet app, not both in conjunction.