2·
2 days agoThats called a downgrade attack and is explicitly blocked by most modern security models that are not a PC.
Semperverus
while(true){💩};
- 0 Posts
- 2 Comments
Joined 3 years ago
Cake day: June 11th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Is it?
As a malicious actor or red-team player, I would want to get you on as old of an OS as I could in order to exploit a wider range of CVEs. Or in most cases, one would be hunting for a specific set of CVEs. Once I’ve got you on the version I want, I can then perform other attacks and ensure that they run.
The iPhone, many Android phones, some network equipment, and game consoles all have eFuses that burn when you perform an update, and the specific number or pattern they burn in is used to determine the lowest OS version your device is allowed to be on in order to stop this from happening.