Security Week 03: Attack on Windows and Android in Detail

The Google Project Zero team has published a detailed study of an attack that used zero-day vulnerabilities in Google Chrome and Windows. The main task of this Google group is to find new vulnerabilities, so a study of this kind is unusual for them, but no less useful. When news arrives that a particular vulnerability has been patched, one always wants to understand what threat the bug actually posed: whether it is being exploited by criminals, or whether nobody will ever use it. The Project Zero publication, albeit with a six-month delay, shows how exploitation happens in practice.





Besides Windows and the Chrome browser, the group under investigation also tried to attack Android smartphones. There, however, publicly known vulnerabilities were used (though not necessarily ones already patched on a given device). In addition to how the exploits themselves work, this part of the write-up covers what happens after a mobile device is compromised: obtaining full access, attempts to hide functionality from researchers, communication with the C&C server, and data exfiltration.



The publication is divided into six parts, which in turn cover the key vulnerability in Google Chrome (in the JavaScript compiler), the exploits for the browser, the exploits for Android, and the exploitation of Windows vulnerabilities. All of the OS vulnerabilities were patched in April last year; the Chrome patch was released in February. Google does not disclose details of the malicious campaign. We know only that the researchers managed to find two servers hosting exploit kits, one for PCs and one for mobile phones, to which users were lured. Start reading the Project Zero researchers' publication from here; it also links to the other parts.



What else happened



On Tuesday, January 12, Microsoft released its first patch set of the year. It fixes 10 critical vulnerabilities, including a serious issue in the Microsoft Malware Protection Engine.



In addition to the final blocking of the Adobe Flash plugin, Adobe has closed a number of fresh vulnerabilities in its products, including a serious bug in Photoshop.



Kaspersky Lab experts have discovered similarities between the malicious code used in the Sunburst attack and the Kazuar backdoor, known since 2017.



Starting February 9, Microsoft will enforce the blocking of unsecured connections to domain controllers to prevent Zerologon attacks. We wrote about this vulnerability in detail in August. At the time, the radical fix had to be postponed so that administrators would have time to prepare.
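Before the enforcement date, an administrator will want to know whether a domain controller is already in enforcement mode and which clients would break once vulnerable Netlogon secure-channel connections are refused. The following PowerShell snippet is an added example, not code from the article or from Microsoft; it assumes it is run locally on a domain controller with the August 2020 or later Netlogon updates installed, and relies on the registry value (`FullSecureChannelProtection`) and the System-log event IDs 5827 through 5831 that Microsoft documented for the Zerologon mitigation.

```powershell
# Added example: check Zerologon enforcement state on a domain controller and
# summarise the Netlogon events that show which clients still use vulnerable
# (unsecured RPC) secure-channel connections.
# Assumptions: runs locally on a DC with the 2020-08 or later Netlogon update.

$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$setting = Get-ItemProperty -Path $paramsKey -Name FullSecureChannelProtection -ErrorAction SilentlyContinue

if ($null -ne $setting) {
    # 1 = enforcement mode switched on early by the admin; 0 = deployment phase (pre-Feb 2021 only)
    "FullSecureChannelProtection = $($setting.FullSecureChannelProtection)"
} else {
    "FullSecureChannelProtection not set: enforcement depends on the installed update level (forced on from the February 2021 update)"
}

# Event IDs documented by Microsoft for the Zerologon mitigation (System log, source NETLOGON):
#   5827 / 5828  vulnerable connection DENIED (machine account / trust account)
#   5829         vulnerable connection ALLOWED during the deployment phase; these clients break under enforcement
#   5830 / 5831  vulnerable connection ALLOWED because of the "Allow vulnerable Netlogon
#                secure channel connections" group policy exception
$filter = @{ LogName = 'System'; Id = 5827, 5828, 5829, 5830, 5831 }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    "No Netlogon 5827-5831 events found: no vulnerable secure-channel connections observed since the log was last cleared"
} else {
    # One line per event ID with a count, so 5829 entries (the ones to fix before enforcement) stand out
    $events | Group-Object Id | Sort-Object { [int]$_.Name } | ForEach-Object {
        '{0,5}  {1,6} event(s)  first: {2}' -f $_.Name, $_.Count, ($_.Group[-1].TimeCreated)
    }
    # List the distinct client names mentioned in 5829 events (accounts that will be denied under enforcement)
    $events | Where-Object Id -eq 5829 | ForEach-Object { ($_.Message -split "`n")[1..3] } | Sort-Object -Unique
}
```

Run it in an elevated PowerShell session on each DC. Any 5829 events indicate machine or trust accounts that currently rely on the insecure channel; those devices need to be updated (or, as a temporary exception, listed in the group policy) before February 9, otherwise they will show up as 5827/5828 denials once enforcement is active.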



A critical vulnerability has been found in the Orbit Fox WordPress plugin. This multifunctional plugin can, among other things, generate registration forms, and errors in that feature can be used to gain full control over the site.


