Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches.
“The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices,” researchers with Google’s Threat Analysis Group (TAG) said in a report detailing the attack campaigns. “Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.”
More Stories
Friday Squid Blogging: Light-Emitting Squid
It’s a Taningia danae: Their arms are lined with two rows of sharp retractable hooks. And, like most deep-sea squid,...
University of Manchester Suffers Suspected Data Breach During Cyber Incident
The University is working with authorities to resolve the incident and understand what data has been accessed Read More
Barracuda: Immediately rip out and replace our security hardware
Barracuda Networks is taking the unusual step of telling its customers to physically remove and decommission its hardware. Read More
Google launches Secure AI Framework to help secure AI technology
Google has announced the launch of the Secure AI Framework (SAIF), a conceptual framework for securing AI systems. Google, owner...
Barracuda Urges Swift Replacement of Vulnerable ESG Appliances
Investigating the ESG bug, Rapid7 assumed the presence of persistent malware hindering device wipes Read More
Operation Triangulation: Zero-Click iPhone Malware
Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem,...