Security News > 2021 > March > Hacking group used 11 zero-days to attack Windows, iOS, Android users
2021-03-20 14:41
Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.
The attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.
One full exploit chain targeting fully patched Windows 10 using Google Chrome.
Several RCE exploits for iOS 11-13 and a privilege escalation exploit for iOS 13.
In the case of the Chrome Freetype zero-day, the exploitation method used by this hacking group was new to Project Zero.
News URL
Related news
- Google fixes Android kernel zero-day exploited in attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Windows 11's Start menu is getting iPhone and Android integration (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)