Security News > 2023 > March > Google finds more Android, iOS zero-days used to install spyware

Google's Threat Analysis Group discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices.
The attackers targeted iOS and Android users with separate exploit chains as part of a first campaign spotted in November 2022.
In this campaign, an Android exploit chain was also used to attack devices featuring ARM GPUs with a Chrome GPU sandbox bypass zero-day, an ARM privilege escalation bug, and a Chrome type confusion bug with an unknown payload. "When ARM released a fix for CVE-2022-38181, several vendors, including Pixel, Samsung, Xiaomi, Oppo and others, did not incorporate the patch, resulting in a situation where attackers were able to freely exploit the bug for several months," Google TAG's researchers said.
This is part of an ongoing effort to keep an eye on the commercial spyware market and track the zero-day vulnerabilities they're exploiting to install their tools on the vulnerable devices of human rights and political activists, journalists, politicians, and other high-risk users worldwide.
Google said in May 2022 that it was actively tracking more than 30 vendors with variable levels of public exposure and sophistication known to sell surveillance capabilities or exploits to government-sponsored threat actors worldwide.
One month earlier, another surveillance campaign was brought to light by Google TAG, where state-sponsored attackers exploited five zero-days to install Predator spyware developed by Cytrox.
News URL
Related news
- Google fixes Android zero-day exploited by Serbian authorities (source)
- New North Korean Android spyware slips onto Google Play (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google expands Android AI scam detection to more Pixel devices (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-25 | CVE-2022-38181 | Use After Free vulnerability in ARM products The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. | 8.8 |