2021-03-22 13:00:55
Google Project Zero is one of the highly regarded professional security organizations today. The team’s findings are not only important for Google products themselves, but also for other software products and services of other developers.
Project Zero experts have just released the announcement that a group of hackers used a total of 11 different zero-day vulnerabilities in their attacks, targeting Windows, iOS and Android users. . It is known that this campaign has been going on for at least a year.
In addition, according to the preliminary results of Project Zero’s investigation, the hacker group behind these attacks carried out two separate campaigns, in February and October 2020. However, damage as well as poisoning. The cause in practice is not yet fully statistic.
During these campaigns, the attackers used dozens of websites hosting the exploit server simultaneously, each targeting iOS as well as Windows or Android user groups.
Maddie Stone, a Project Zero team member, said: “In our testing, both mining servers existed on all detected domains. After the initial sampling (which appears to be based on the origin of the IP address and the user agent), an iframe was thrown onto the site pointing to one of the two mining servers.“.
Overall, after a relatively thorough analysis of the October 2020 campaign, Project Zero researchers found:
A full exploit targeting Windows 10 has been fully patched with Google Chrome.
The two partial exploit chains target two different fully patched Android 10 devices using Google Chrome and Samsung Browser.
Several chains of RCE exploits target iOS 11-13 devices. And a string of privileged escalation exploits targeting iOS 13 (with exploited bugs present on iOS 14.1 as well).
“In short, the malicious agents used a total of 11 different zero-day vulnerabilities in their campaigns in less than a year.” The 11 vulnerabilities used to build this large-scale mining chain have the following identifiers:
- CVE-2020-6418 – Chrome – February 2020
- CVE-2020-0938 – Windows – February 2020
- CVE-2020-1020 – Windows – February 2020
- CVE-2020-1027 – Windows – February 2020
- CVE-2020-15999 – Chrome – October 2020
- CVE-2020-17087 – Windows – October 2020
- CVE-2020-16009 – Chrome – October 2020
- CVE-2020-16010 – Windows – October 2020
- CVE-2020-27930 – Safari – October 2020
- CVE-2020-27950 – iOS – October 2020
- CVE-2020-27932 – iOS – October 2020
This is a commendable discovery of Project Zero. Each rediscovered exploit reveals experts’ understanding of the vulnerability as well as the background it affects.
“Temporarily set aside the mining operation, the payload modulus, the interchangeable mining chain, logging, targeting and the maturity level of one actor’s operation make them different special. The process of figuring out how to activate the iOS kernel’s privilege vulnerability won’t be easy. The decoding methods are varied and time consuming to figure out”, Said Project Zero representative.
According to Google Project Zero, after a security vulnerability is discovered, team experts will actively contact the software owner to provide detailed information about the vulnerability. The developer will have 90 days to fix the issue before Google makes the vulnerability public. Depending on the complexity of the fix request, Google will occasionally loosen the time it takes for a developer to patch.
Also, in the case of Chrome Freetype zero-day, the exploit method used by this hacking team is new to Project Zero.
.
#Hackers #zeroday #vulnerabilities #attack #Windows #iOS #Android #users
