“Expert” hackers used 11 0-days to infect Windows, iOS, and Android users

by
Dan Goodin
from Ars Technica - All content on (#5FHCT)
zeroday-800x534.jpg

Enlarge (credit: Getty Images)

A team of advanced hackers exploited no fewer than 11 zero-day vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said.

Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a complex delivery infrastructure, the group exploited four zero-days in February 2020. The hackers' ability to chain together multiple exploits that compromised fully patched Windows and Android devices led members of Google's Project Zero and Threat Analysis Group to call the group highly sophisticated."

Not over yet

On Thursday, Project Zero researcher Maddie Stone said that, in the eight months that followed the February attacks, the same group exploited seven more previously unknown vulnerabilities, which this time also resided in iOS. As was the case in February, the hackers delivered the exploits through watering-hole attacks, which compromise websites frequented by targets of interest and add code that installs malware on visitors' devices.

Read 8 remaining paragraphs | Comments

index?i=Skt0c3iplkI:4cMN7nGHQeE:V_sGLiPB index?i=Skt0c3iplkI:4cMN7nGHQeE:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments