Google has patched three high-severity flaws in the latest release of its Chrome browser, including one zero-day vulnerability it said is being actively exploited in the wild.

Google Chrome 1.132 is currently rolling out worldwide to Windows, Mac and Linux users in the Stable desktop channel.

Most noteworthy is a fix for CVE-2023-5217, described as a heap buffer overflow issue in the VP8 encoding of open source libvpx video codec library.

No other details were available on the official Google Chrome update page, although the firm said “access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

However, we do know that it was reported by Clément Lecigne of Google’s Threat Analysis Group (TAG) on Monday. The quick turnaround time for a patch signifies the criticality of the bug.

That was confirmed by TAG researcher, Maddie Stone, who said the vulnerability is “in use by a commercial surveillance vendor.”

It’s unclear exactly who that vendor is at this stage, but there has been a spate of zero-day discoveries of late tied back to commercial spyware makers.

Just last week, Apple patched three zero-day vulnerabilities it claimed may have been actively exploited in the wild on iOS devices. These were discovered by TAG and the non-profit Citizen Lab.

Citizen Lab tied the bugs to Cytrox’s Predator spyware and said they were delivered via links sent on SMS and WhatsApp. They were initially observed targeting Egyptian presidential hopeful, Ahmed Eltantawy.

A previous duo of Apple zero-days used in a “BlastPass” exploit chain were traced to the NSO Group and its Pegasus spyware.