How bad can a zero-day exploit get? As it turns out, pretty freaking terrible.
Zero-day exploits are vulnerabilities in applications, firmware, and operating systems that are exploited before even the original developer of the targeted platform is aware of the problem. As such, the problem can be exploited before any fix can even be created, much less distributed.
These exploits can then be used to do any number of things, depending on their nature. Some zero-days only allow basic access to systems with limited importance and no actionable intelligence. Others, well, they can be both critically important and disturbingly insidious. As far as the “importance” part goes, you’re talking about command and control; complete access to an ecosystem. But it’s the “insidious” part that makes the topic for today particularly interesting.
These two zero-day exploits do not require the victim to do anything for the attack to succeed. No link to click on, no image to download. All that needs to happen is for the cybercriminal to initiate the attack, and there’s nothing you can do about it.
How do you know if you’re vulnerable? Check out the podcast to find out. (FYI, one of the vulnerable systems is currently installed in a significant number of cars worldwide right now.)
For more information, resources, and a full transcript of this episode, check out the original post.