Type confusion is a bug where software treats a value, object, or pointer as the wrong data type. In low-level code, that can mean reading the memory layout of one class as if it were another, or calling methods on an object that is not what the program expects. The result may be a crash, data corruption, or, in serious cases, an attacker gaining the ability to read or write memory.
Type confusion matters in cyber security because it often appears in browsers, interpreters, and other engines that handle complex object models and untrusted input. Attackers look for these flaws in JavaScript engines, media parsers, and graphics code, where a bad cast or incorrect type check can become a path to remote code execution. Defenders find them with fuzzing, sanitizers, and code review, then reduce risk with stricter type validation, safer language features, and sandboxing.



