Can you really just send an executable through iMessage and expect the app to run it? What kind of flaws do these exploits use? How do you even start researching one?
I’m not saying I want to do it (ok maybe on an OLD device I own) but where could one find more info?
Is it really that easy to force a device to run certain code?
> Can you really just send an executable thru iMessage and expect the app to run it?
No, not as simple as that.
> What kind of flaws do these exploits use?
Usually a vulnerability is used, and an exploit is created for it.
There are lots of different kinds of vulnerabilities: Buffer Overflow, Buffer Underflow, Use After Free, Logical Errors, etc.
> How do you even start researching one?
You use tools that help you see the underlying code that gets executed by the processor. This code can have flaws, so one needs to read a lot of it, understand it better than the original developer, and potentially find a flaw in the code. (This is called reverse engineering.)
> where could one find more info?
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06c-Reverse-Engineering-and-Tampering.md
Also more googling.
> Is it really that easy to force a device to run certain code?
It’s not easy to find/create such an exploit, but it’s easy to use once it’s fully created and working.
Until the vulnerability is fixed, that is; then the exploit is useless on updated devices/applications.