Security News > 2021 > March > Hacking group used 11 zero-days to attack Windows, iOS, Android users
Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.
The attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.
One full exploit chain targeting fully patched Windows 10 using Google Chrome.
Several RCE exploits for iOS 11-13 and a privilege escalation exploit for iOS 13.
In the case of the Chrome Freetype zero-day, the exploitation method used by this hacking group was new to Project Zero.
News URL
Related news
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Microsoft fixes 6 zero-days under active attack (source)
- New Windows SmartScreen bypass exploited as zero-day since March (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- Hackers steal banking creds from iOS, Android users via PWA apps (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Versa fixes Director zero-day vulnerability exploited in attacks (source)
- Windows 11 KB5041587 update adds sharing to Android devices (source)