2021-03-19 00:55:50
In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html
In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in below blog posts:
Part1: Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html
Part2: Chrome Infinity Bug
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html
Part3: Chrome Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html
Part4: Android Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html
Part5: Android Post-Exploitation
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html
Part6: Windows Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html
#reverse #expdev #rce #lpe #sandbox #escape #android #ios #windows #chrome #browser #darw1n
608 viewsedited 21:55