Common Information
Type | Value |
---|---|
Value | Exploitation for Client Execution - T1658 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to insecure coding practices that can lead to unanticipated behavior. Adversaries may take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system, because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly use to do work, so these applications are a useful target for exploit research and development because of their high utility. Adversaries may use device-based zero-click exploits for code execution. These exploits are powerful because no user interaction is required for code execution. **SMS/iMessage Delivery:** SMS and iMessage in iOS are common targets through [Drive-By Compromise](https://attack.mitre.org/techniques/T1456), [Phishing](https://attack.mitre.org/techniques/T1660), etc. Adversaries may embed malicious links, files, etc. in SMS messages or iMessages. Mobile devices may be compromised through one-click exploits, where the victim must interact with a text message, or zero-click exploits, where no user interaction is required. **AirDrop:** Unique to iOS, AirDrop is a network protocol that allows iOS users to transfer files between iOS devices. On iOS 13.4 and earlier, before Apple released patches, adversaries could force the Apple Wireless Direct Link (AWDL) interface to activate, then exploit a buffer overflow to gain access to the device and run as root without interaction from the user. |
Type | Published | Attributes | Title |
---|---|---|---|
Website | 2024-11-12 | 6 | Multiple Vulnerabilities in Citrix Products Could Allow for Remote Code Execution |
Website | 2024-11-12 | 49 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution |
Website | 2024-11-07 | 2 | A Vulnerability in Android OS Could Allow for Remote Code Execution |
Website | 2024-11-04 | 27 | Jumpy Pisces Threat Intel |
Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. |
Website | 2024-10-27 | 77 | Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution |
Website | 2024-10-16 | 13 | UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine - SOC Prime |
Website | 2024-10-11 | 13 | Securing the Quantum Future: The Role of Confidential Computing in Blockchain Networks |
Website | 2024-10-08 | 53 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution |
Website | 2024-10-07 | 27 | Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution |
Website | 2024-09-30 | 8 | Dark Web Profile: UserSec - SOCRadar® Cyber Intelligence Inc. |
Website | 2024-09-30 | 8 | Dark Web Profile: UserSec |
Website | 2024-09-16 | 97 | Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution |
Website | 2024-09-10 | 29 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution |
Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more |
Website | 2024-08-28 | 28 | Analysis of two arbitrary code execution vulnerabilities affecting WPS Office |
Website | 2024-08-12 | 73 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution |
Website | 2024-07-30 | 76 | Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution |
Website | 2024-07-22 | 5 | Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android |
Website | 2024-07-09 | 8 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution |
Website | 2024-06-11 | 167 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution |
Website | 2024-05-14 | 38 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution |
Website | 2024-05-13 | 29 | Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution |
Website | 2024-03-18 | 96 | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks |