In Hollywood, hackers need you to pick up the phone. In reality, modern mercenary spyware like Pegasus (sold by NSO Group) is delivered by "zero-click" exploits. They require zero user interaction: no link to tap, no attachment to open, no call to answer. The exploit arrives, runs, installs the implant and cleans up after itself before your screen even lights up.
The Attack Surface: Parsers
Your phone is a parsing machine. It constantly receives data from the world and tries to decode and render it, before you have seen it, let alone approved it. That is the weakness.
- iMessage: Automatically decodes attachments and renders link previews and images for the notification.
- WiFi/Bluetooth: Automatically parses beacon and advertisement packets from anything in radio range to show network and device names.
- Baseband: The modem chip parses cellular signalling from cell towers, real or fake.
Attackers don't so much hide code in these streams as craft malformed data that one of these parsers mishandles: an image whose declared size doesn't match its contents, a length field that wraps a counter. Any parser that runs on untrusted input before you tap anything is zero-click attack surface.
1. The "FORCEDENTRY" Exploit (PDF in a GIF)
This is arguably the most sophisticated exploit ever publicly analysed (CVE-2021-30860, patched in iOS 14.8 in September 2021 and dissected by Google Project Zero).
The Delivery: A file with a `.gif` extension, sent as an iMessage attachment.
The Trick: The file wasn't a GIF. It was a PDF wearing a `.gif` name.
Apple's ImageIO library ignores the extension and sniffs the real format from the bytes, so it recognised a PDF and handed it to the CoreGraphics PDF parser, which carries an old JBIG2 decoder.
The Bug: JBIG2 is a compression standard for scanned black-and-white documents (it lives in fax machines and photocopiers). It lets a file define "symbol dictionaries" of reusable glyphs, and a text region can draw on several dictionaries at once. The decoder added up the symbol counts of all the referenced dictionaries in a 32-bit integer. With enough declared symbols that sum wrapped around to a small number, so the decoder allocated a tiny array and then copied every symbol into it anyway: a heap buffer overflow fed with attacker-controlled data.
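Here is the shape of that bug as an added C example: not Apple's code and not the exploit's, written for this post and modelled on the pattern Project Zero described. `symdict_t`, `vuln_overrun_slots`, `safe_collect` and the `MAX_SYMS` cap are all made up for the demo, and the vulnerable function counts the out-of-bounds writes instead of performing them so it runs safely:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One referenced symbol dictionary: the symbol count it reports (attacker
   controlled) and its decoded symbols, stand-ins for JBIG2Bitmap pointers.
   Constructed for this demo; NULL when only the accounting is exercised. */
typedef struct {
    uint32_t size;
    const uint32_t *bitmaps;
} symdict_t;

/* Vulnerable accounting, modelled on the text-region code path: the total
   is kept in a 32-bit counter and wraps, while the copy loop trusts each
   dictionary's own size. Instead of doing the out-of-bounds writes, this
   returns how many array slots past the allocation they would land. */
uint64_t vuln_overrun_slots(const symdict_t *dicts, size_t n)
{
    uint32_t numSyms = 0;                   /* wraps silently */
    for (size_t i = 0; i < n; i++)
        numSyms += dicts[i].size;
    /* here the decoder would allocate numSyms pointers: far too few */
    uint64_t written = 0;                   /* what the copy loop really emits */
    for (size_t i = 0; i < n; i++)
        written += dicts[i].size;
    return written > numSyms ? written - numSyms : 0;
}

/* Hardened version: overflow-checked addition, a sane upper bound, and the
   copy loop bounded by the allocation, not by the per-dictionary size.
   Returns the number of symbols collected (caller frees *out) or -1. */
#define MAX_SYMS 65536u   /* demo cap; a real decoder picks a format-appropriate bound */
long safe_collect(const symdict_t *dicts, size_t n, uint32_t **out)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (dicts[i].size > UINT32_MAX - total) return -1; /* would wrap */
        total += dicts[i].size;
        if (total > MAX_SYMS) return -1;                  /* absurd for one page */
    }
    uint32_t *syms = calloc(total ? total : 1, sizeof *syms);
    if (!syms) return -1;
    uint32_t kk = 0;
    for (size_t i = 0; i < n; i++)
        for (uint32_t k = 0; k < dicts[i].size; k++) {
            if (kk >= total) { free(syms); return -1; } /* never trust size twice */
            syms[kk++] = dicts[i].bitmaps[k];
        }
    *out = syms;
    return (long)kk;
}

int main(void)
{
    /* two dictionaries claiming 2^31 symbols each, plus a small third one */
    symdict_t huge[] = { {0x80000000u, NULL}, {0x80000000u, NULL}, {5, NULL} };
    printf("wrapped count allocates for 5, loop writes %llu slots past it\n",
           (unsigned long long)vuln_overrun_slots(huge, 3));
    uint32_t *out = NULL;
    printf("hardened collector on the same input: %ld\n", safe_collect(huge, 3, &out));
    return 0;
}
```

Two dictionaries declaring 2^31 symbols each sum to exactly 2^32, which is 0 in 32-bit arithmetic; the third dictionary's 5 symbols become the whole allocation, and the copy loop then streams more than four billion entries past it.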
Building a Computer inside a PDF
This is where it gets insane. The overflow didn't hand the attackers code execution on its own. What JBIG2 does give a decoder is a set of region-combination operators: it draws one bitmap onto another with AND, OR, XOR or XNOR. By using the overflow to corrupt a bitmap object's size and backing pointer until it covered the whole address space, the exploit turned those drawing operators into bitwise logic over arbitrary memory.
The exploit authors built a Turing-complete virtual CPU out of those logic gates, described by over 70,000 JBIG2 segment commands inside the PDF, all of it running inside the parsing process.
They used this virtual CPU to search memory, compute the addresses the rest of the attack needed, and bootstrap the sandbox escape and payload. All while the victim's phone sat in their pocket.
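To see why "bitmap combination operators" are enough to compute with, here is a toy version, added for this post and not code from the exploit: a `combine()` that models JBIG2's region-combination step on a one-byte-per-pixel bitmap, then NAND and a 4-bit adder built from nothing but `combine()` calls. The register offsets (`A`, `B`, `SUM`, `CARRY`, `T1`, `T2`), the `load_reg`/`read_reg` helpers and the one-byte-per-pixel layout are simplifications of mine; in the real exploit the bitmap aliased process memory, so the same calls were reads and writes of arbitrary addresses.

```c
#include <stdint.h>
#include <stdio.h>

/* JBIG2 region-combination operators. A decoder uses these to draw a
   decoded region onto the page bitmap. */
typedef enum { OP_OR, OP_AND, OP_XOR, OP_XNOR, OP_REPLACE } combop_t;

/* The bitmap, one byte per pixel for readability (constructed for this demo).
   In the exploit the bitmap's dimensions and backing pointer had been
   corrupted so that "pixels" were bytes of the process's memory. */
#define MEM_PX 32
typedef struct { uint8_t px[MEM_PX]; } mem_t;

/* Model of JBIG2Bitmap::combine(): draw `width` pixels from src onto dst. */
static void combine(mem_t *m, int dst, int src, int width, combop_t op)
{
    for (int i = 0; i < width; i++) {
        uint8_t d = m->px[dst + i], s = m->px[src + i], r;
        switch (op) {
        case OP_OR:   r = d | s;    break;
        case OP_AND:  r = d & s;    break;
        case OP_XOR:  r = d ^ s;    break;
        case OP_XNOR: r = !(d ^ s); break;
        default:      r = s;        break;   /* REPLACE */
        }
        m->px[dst + i] = r;
    }
}

/* "Registers": fixed pixel offsets, four pixels wide. ZERO is never written,
   so it is a constant-0 source, and XNOR against it is NOT. */
enum { ZERO = 0, A = 4, B = 8, SUM = 12, CARRY = 16, T1 = 20, T2 = 24 };

static void load_reg(mem_t *m, int reg, unsigned v)
{
    for (int i = 0; i < 4; i++) m->px[reg + i] = (v >> i) & 1;
}

static unsigned read_reg(const mem_t *m, int reg, int width)
{
    unsigned v = 0;
    for (int i = 0; i < width; i++) v |= (unsigned)m->px[reg + i] << i;
    return v;
}

/* NAND, a universal gate, from AND followed by XNOR-with-zero (NOT). */
uint8_t nand_bit(uint8_t a, uint8_t b)
{
    mem_t m = {{0}};
    m.px[A] = a;
    m.px[B] = b;
    combine(&m, T1, A, 1, OP_REPLACE);
    combine(&m, T1, B, 1, OP_AND);
    combine(&m, T1, ZERO, 1, OP_XNOR);
    return m.px[T1];
}

/* 4-bit ripple-carry adder using nothing but combine() calls: nine
   "draw this region onto that one" operations per bit. Returns a 5-bit sum. */
unsigned add4(unsigned a, unsigned b)
{
    mem_t m = {{0}};
    load_reg(&m, A, a);
    load_reg(&m, B, b);
    for (int i = 0; i < 4; i++) {
        combine(&m, T1, A + i, 1, OP_REPLACE);
        combine(&m, T1, B + i, 1, OP_XOR);      /* t1 = a ^ b */
        combine(&m, SUM + i, T1, 1, OP_REPLACE);
        combine(&m, SUM + i, CARRY, 1, OP_XOR); /* sum = a ^ b ^ cin */
        combine(&m, T1, CARRY, 1, OP_AND);      /* t1 = cin & (a ^ b) */
        combine(&m, T2, A + i, 1, OP_REPLACE);
        combine(&m, T2, B + i, 1, OP_AND);      /* t2 = a & b */
        combine(&m, T1, T2, 1, OP_OR);          /* cout = t1 | t2 */
        combine(&m, CARRY, T1, 1, OP_REPLACE);
    }
    return read_reg(&m, SUM, 4) | (read_reg(&m, CARRY, 1) << 4);
}

int main(void)
{
    printf("NAND(1,1) = %u, NAND(1,0) = %u\n", nand_bit(1, 1), nand_bit(1, 0));
    printf("9 + 7 = %u, 15 + 15 = %u\n", add4(9, 7), add4(15, 15));
    return 0;
}
```

Once you have NAND and a way to chain results through scratch regions, you have every other gate, adders, comparators and eventually a fetch-decode-execute loop. The exploit's 70,000 segments were that construction, scaled up and pointed at real memory.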
2. BLASTPASS (Wallet Pass Exploit)
In 2023, Citizen Lab caught another NSO Group zero-click in the wild; Apple patched it as CVE-2023-41064 (a buffer overflow in ImageIO) together with CVE-2023-41061 (a validation issue in Wallet).
This time the delivery vehicle was a PassKit attachment, the format behind Wallet passes such as boarding passes and event tickets, carrying a malicious image.
Rendering that image (a fake boarding pass, say) triggered a buffer overflow in the WebP decoder inside ImageIO, the libwebp bug later tracked as CVE-2023-4863, which is why browsers and every other libwebp user had to patch the same flaw days later.
Again, no click required. The phone tries to render the preview for the notification... and game over.
3. Baseband Exploitation (The Cell Tower)
Your phone runs two operating systems: iOS or Android on the application processor, and a separate real-time OS on the baseband, the modem (Qualcomm's Hexagon-based modems, Samsung's Shannon).
The baseband talks to the cell tower, and it will talk to any tower that looks legitimate. An attacker who runs a fake base station (an IMSI catcher, colloquially a Stingray) within radio range can feed it malformed signalling messages.
Hack the baseband and you sit beneath the main OS's view: calls, SMS and data all pass through the modem, and it has a privileged interface into the application processor. On most modern phones the modem is isolated from the application processor's memory (a separate chip, or an IOMMU in between), so owning it is a foothold rather than instant ownership of the phone, but it is still why Wi-Fi and cellular bugs are terrifying. They are "proximity zero-clicks": no message has to be sent at all, the attacker just has to be nearby.
4. Apple's Defense: BlastDoor & Lockdown Mode
Apple realized they could never patch every parser bug. So, starting in iOS 14, they built a quarantine zone around the riskiest one.
BlastDoor: A tightly sandboxed service, written in Swift (memory safe), whose only job is to decode untrusted iMessage content.
When an iMessage arrives, its attachments and link previews are not parsed by the messaging stack itself. They go to BlastDoor first. BlastDoor unpacks the images and links and hands back only the decoded result. If a bomb goes off (an exploit fires) inside it, it takes out the BlastDoor process, which has almost no privileges and no useful data, not the phone. The caveat every sandbox carries: it only protects what runs inside it. FORCEDENTRY's fake GIF was handed to an image-transcoding service outside BlastDoor, and BLASTPASS likewise found an attachment path that reached a vulnerable parser outside it.
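The BlastDoor idea in miniature, as an added example (mine, not Apple's code): a deliberately crashy toy attachment parser is run in a forked, resource-limited child that can only hand back one fixed-size result through a pipe, so a parser bug costs a throwaway process rather than the caller. `parse_attachment`, its `IMG1` format and `parse_in_sandbox` are all constructed for this post; the malformed sample starts with a PDF header to echo the fake-GIF trick.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/resource.h>

/* What the quarantined parser is allowed to hand back: a fixed-size,
   plain-data struct, so the parent never parses anything itself. */
typedef struct { uint32_t width; uint32_t checksum; } preview_t;

/* Toy attachment format (constructed for this demo): "IMG1", one byte of
   width, then `width` pixel bytes. The abort() calls stand in for a
   memory-safety bug such as the JBIG2 or WebP overflows: a crash is the best
   case, hijacked control flow the worst. */
static preview_t parse_attachment(const uint8_t *data, size_t len)
{
    preview_t p = {0, 0};
    if (len < 5 || memcmp(data, "IMG1", 4) != 0)
        abort();                            /* the "parser bug" firing */
    p.width = data[4];
    if (p.width > len - 5)
        abort();                            /* a real decoder would read past the buffer here */
    for (uint32_t i = 0; i < p.width; i++)
        p.checksum += data[5 + i];
    return p;
}

/* BlastDoor-style quarantine: parse in a child with a CPU-time limit, no
   ability to write files, and a single pipe back to the parent. Returns 0 and
   fills *out on success, -1 if the child crashed, timed out or sent anything
   other than exactly one preview_t. */
int parse_in_sandbox(const uint8_t *data, size_t len, preview_t *out)
{
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                         /* child: the blast chamber */
        close(fd[0]);
        struct rlimit nofiles = {0, 0}, cpu = {2, 2};
        setrlimit(RLIMIT_FSIZE, &nofiles);  /* cannot write files */
        setrlimit(RLIMIT_CPU, &cpu);        /* cannot spin forever */
        alarm(3);                           /* nor sleep forever */
        preview_t p = parse_attachment(data, len);
        ssize_t w = write(fd[1], &p, sizeof p);
        _exit(w == (ssize_t)sizeof p ? 0 : 1);
    }
    close(fd[1]);                           /* parent */
    preview_t p;
    ssize_t n = read(fd[0], &p, sizeof p);
    close(fd[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (n != (ssize_t)sizeof p || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;                          /* the bomb went off in the chamber */
    *out = p;
    return 0;
}

/* Constructed samples: a well-formed image and a PDF dressed as an image. */
static const uint8_t good_img[] = { 'I', 'M', 'G', '1', 3, 0x10, 0x20, 0x30 };
static const uint8_t fake_gif[] = { '%', 'P', 'D', 'F', '-', '1', '.', '7' };

int main(void)
{
    preview_t p;
    if (parse_in_sandbox(good_img, sizeof good_img, &p) == 0)
        printf("good image: width %u, checksum %u\n", p.width, p.checksum);
    if (parse_in_sandbox(fake_gif, sizeof fake_gif, &p) != 0)
        printf("fake gif: parser died in the sandbox, caller still running\n");
    return 0;
}
```

Notice what the parent trusts: nothing but the length of the reply. A real BlastDoor additionally strips the child of network and filesystem access and runs it in memory-safe code, so that even a successful exploit lands in a process with nothing worth stealing and no way to reach the rest of the system.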
Lockdown Mode: The "paranoid button" in iOS Settings (iOS 16 and later). It disables JIT compilation for JavaScript in Safari, blocks most message attachment types other than a few image, video and audio formats, drops link previews, refuses incoming FaceTime calls from people you haven't called before, and blocks wired accessories while the phone is locked. The price is convenience, which is why it's opt-in; the payoff is removing whole parsers from the zero-click surface. Citizen Lab reported, with Apple's confirmation, that it blocked BLASTPASS.