Discovered: Jul 6, 2025 00:54 ME:: SVG w/link to PDF that downloads a ZIP with a JS which downloads and runs a JAR in order to get around corporate firewalls, AV and security ; LLM used to find a vulnerability, and to generate a python script that reproduces it ; Jonathan Bennett:: June 20, 2025:: This Week In Security: That Time I Caused A 9.5 CVE, IOS Spyware, And The Day The Internet Went Down ¦ Hackaday

QUOTE

The attack chain that X-Force highlights is convoluted, with the SVG containing a link offering a PDF download. Clicking this actually downloads a ZIP containing a JS file, which when run, downloads and attempts to execute a JAR file. This may seem ridiculous, but it’s all intended to defeat a somewhat sophisticated corporate security system, so an inattentive user will click through all the files in order to get the day’s work done. And apparently this tactic works.

We’ve talked a few times about vibe researching, but [Craig Young] is only tipping his toes in here. He used an LLM to find a published vulnerability, and then analyzed it himself. Turns out that the GIMP despeckle plugin doesn’t do bounds checking for very large images. Back again to an LLM, to get a Python script to generate such a file. It does indeed crash GIMP when trying to despeckle, confirming the vulnerability report, and demonstrating that there really are good ways to use LLMs while doing security research.

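A defensive illustration of the first stage of the chain quoted above, added to these notes and not taken from the Hackaday article or the X-Force report: a triage function that flags SVG attachments carrying external hyperlinks or active content. The sample SVGs, the `example.invalid` URL and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ACTIVE_TAGS = {"script", "foreignObject"}    # elements that can carry code or HTML
REMOTE_SCHEMES = {"http", "https", "ftp"}
INLINE_SCHEMES = {"javascript", "data"}

# Constructed sample: an SVG drawn as a document icon whose link fetches a remote file.
SAMPLE_LURE = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="https://files.example.invalid/invoice.pdf">
    <text x="10" y="20">Download PDF</text>
  </a>
</svg>"""
# Constructed sample: an ordinary SVG with only an in-document fragment link.
SAMPLE_BENIGN = """<svg xmlns="http://www.w3.org/2000/svg">
  <a href="#legend"><circle r="5"/></a>
</svg>"""

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]

def triage_svg(svg_text):
    """Return a list of findings for one SVG; an empty list means nothing flagged."""
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in svg_text or "<!ENTITY" in svg_text:
        return ["doctype-or-entity: refused to parse"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"unparseable: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active-content: <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.lower().startswith("on"):          # onload, onclick, ...
                findings.append(f"event-handler: {name} on <{tag}>")
            elif name == "href":                       # covers href and xlink:href
                scheme = urlparse(value.strip()).scheme.lower()
                if scheme in REMOTE_SCHEMES:
                    findings.append(f"external-link: {value.strip()} in <{tag}>")
                elif scheme in INLINE_SCHEMES:
                    findings.append(f"inline-uri: {scheme}: in <{tag}>")
    return findings

if __name__ == "__main__":
    for label, doc in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, triage_svg(doc))
```

A mail gateway or sandbox could quarantine any SVG for which this returns findings; the later stages (ZIP, JS, JAR) still need their own controls, such as blocking script execution from archive extraction paths.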