Attack vectors

[dalbasecurity]

Hi Saar,

We assume that this vulnerability is only exploitable using an app which the attacker would need to install and run on the victim device. Is this correct?

Asking because in your blogpost at the very beginning you mention that this exploit may be useful for chaining (Webcontent), not sure if you mean the exploit code being served in malicious webcontent (=> app store whitelisting restrictions would not mitigate) or serving webcontent as an earlier stage of delivering the actual app containing the exploit.

Thanks and Best regards