Security News > 2022 > May > Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks
A new report from Google's Threat Analysis Group exposes the use of five different zero-day vulnerabilities targeting Chrome browser and Android operating systems.
Google assesses with high confidence that these exploits have been packaged by a single commercial surveillance company named Cytrox.
The new research from Google explains that Cytrox sells these new exploits to government-backed actors, who then used them in three different attack campaigns.
According to Google, it was sold by an exploit broker and probably abused by several surveillance vendors.
Analysis of the exploit identified two different Chrome vulnerabilities, CVE-2021-37973 and CVE-2021-37976.
After the sandbox escape was successful, the exploit downloaded another exploit to elevate the users privileges and install the implant.
News URL
https://www.techrepublic.com/article/packaged-zero-day-vulnerabilities-android-attacks/
Related news
- Google fixes two Android zero-days used in targeted attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2021-10-08 | CVE-2021-37973 | Use After Free vulnerability in multiple products Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |