Hackers Used 11 Zero-Day Vulnerabilities to Infect Windows, iOS and Android Users

On Sunday, Google's Project Zero bug-hunting team reported a group of attackers that used 11 zero-days this year to target Windows, Android and iOS users. The Project Zero team also states that the hacking group behind this activity ran two separate campaigns between February and October 2020.

According to the report, the attackers used seven zero-days in January, and the report also shows how the other four zero-days were chained together in the later, larger attacks.

The hackers also used multiple websites that hosted two exploit servers, with each server targeting a different subset of the iOS, Android and Windows users who visited them.

What Did the Researchers Conclude?


The experts state that both exploit servers were used across all the domains they discovered. Once the initial fingerprinting of a visitor was complete, an iframe was injected into the website pointing to one of the two exploit servers.
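The injected-iframe step described above is something a site owner or web-proxy analyst can look for directly. The following script is an added example (not code from the article or from Project Zero): it parses a page, collects every iframe, and flags those that point at a third-party host or that are hidden or sized to be invisible, which is how a watering-hole redirect typically shows up in page source. The page URL, the sample HTML and all hostnames (the `.invalid` names in particular) are constructed for the example.

```python
import html.parser
from urllib.parse import urlparse

# Constructed sample: a legitimate article page with one expected embed and
# two injected frames (hostnames are placeholders, not real indicators).
SAMPLE_PAGE_URL = "https://news.example/article"
SAMPLE_HTML = """
<html><body>
<h1>Article</h1>
<iframe src="https://video.news.example/embed/1" width="640" height="360"></iframe>
<iframe src="https://cdn.example-ads.invalid/track" width="1" height="1" style="display:none"></iframe>
<iframe src="//exploit-host.invalid/index.html" style="visibility: hidden"></iframe>
</body></html>
"""


class IframeCollector(html.parser.HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value) pairs with lowercased names
            self.iframes.append(dict(attrs))


def is_hidden(attrs):
    """True if the frame is zero/one-pixel sized or hidden via inline style."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


def find_suspicious_iframes(page_url, html_text, allowed_hosts=()):
    """Return iframes that load from an unexpected host or are hidden.

    allowed_hosts lists third-party hosts the site legitimately embeds
    (video players, comment widgets); anything else off-origin is flagged.
    """
    page_host = urlparse(page_url).hostname
    parser = IframeCollector()
    parser.feed(html_text)

    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        # urlparse handles scheme-relative "//host/path" sources as well
        host = urlparse(src).hostname
        reasons = []
        if host and host != page_host and host not in allowed_hosts:
            reasons.append(f"third-party host {host}")
        if is_hidden(attrs):
            reasons.append("hidden or zero-size frame")
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_suspicious_iframes(
        SAMPLE_PAGE_URL, SAMPLE_HTML, allowed_hosts=("video.news.example",)
    ):
        print(hit["src"], "->", "; ".join(hit["reasons"]))
```

Run against a crawl of your own pages, the allow-list is the important part: keep it to the embeds you know about so that a newly appearing off-origin frame stands out, and treat a hidden frame as suspicious even when its host looks familiar, since a compromised or rented subdomain is a common way to stage an exploit server.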

While analyzing the campaign, the experts also found the following:

  • A full exploit chain targeting fully patched Windows 10 running Google Chrome.
  • Two partial chains targeting two different Android devices running Android 10 with Google Chrome and Samsung Browser.
  • Multiple RCE exploits for iOS 11-13 and a privilege escalation exploit for iOS 13.

The researchers also added that, over the course of the year, the attackers used 11 zero-day vulnerabilities, which they abused by building exploit chains that involve:

  • CVE-2020-6418 – Chrome Vulnerability in TurboFan (February 2020)
  • CVE-2020-0938 – Font Vulnerability on Windows (February 2020)
  • CVE-2020-1020 – Font Vulnerability on Windows (February 2020)
  • CVE-2020-1027 – Windows CSRSS Vulnerability (February 2020)
  • CVE-2020-15999 – Chrome Freetype heap buffer overflow (October 2020)
  • CVE-2020-17087 – Windows heap buffer overflow in CNG.sys (October 2020)
  • CVE-2020-16009 – Chrome type confusion in TurboFan map deprecation (October 2020)
  • CVE-2020-16010 – Chrome for Android heap buffer overflow (October 2020)
  • CVE-2020-27930 – Safari arbitrary stack read/write via Type 1 fonts (October 2020)
  • CVE-2020-27950 – iOS XNU kernel memory disclosure in mach message trailers (October 2020)
  • CVE-2020-27932 – iOS kernel type confusion with turnstiles (October 2020)

The discovered exploits also show that these vulnerabilities were being exploited before they were disclosed, and in the case of the Google Chrome FreeType zero-day, the exploit used by the hackers was identified as a new threat.

Summing Up

The experts state that the modularity of the payloads, the interchangeable exploit chains, and the logging, targeting and maturity of the actor's operation stand out in these attacks. Triggering these attacks on iOS is not a simple process, and the methods used may vary or be updated depending on the time and situation.
