“Zero-Click RCE”
This appears to require attacker-controlled data already being written to a settings XML file in specific locations on disk.
Put simply, this requires another prerequisite arbitrary file write vulnerability to be reachable.
This isn’t “zero click” unless we’re going under the assumption that an attacker already has full control over my machine before that. At best, this is a persistence mechanism, not initial access.
same privileges, the attacker does not have full control of the system.
We are living through CVE-inflation (or CVEflation?) where anyone who discovers a bug using LLMs will instantly claim it is a huge security hole.