SALES, RENTALS & LAYAWAYS

PROTECTING EVERYTHING THAT HAS EVER BEEN OF VALUE TO YOU

Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

Mysterious Software Bugs Were Used To Hack iPhones and Android Phones and No One Will Talk About It

Google found at least seven critical bugs being exploited by hackers in the wild. Mysterious Software Bugs Were Used To Hack iPhones and Android Phones and No One Will Talk About It

But after disclosing them days ago, the company has yet to reveal key details about who used them and against whom.

Google’s elite teams of bug and malware hunters found and disclosed a flurry of high impact vulnerabilities in Chrome, Android, Windows, and iOS last week. The internet giant also said that these various vulnerabilities were all “actively exploited in the wild.” In other words, hackers were using these bugs to actually hack people, which is concerning.

What’s more, all these vulnerabilities are in some way related to each other, Motherboard has learned. That potentially means the same hackers were using them. According to the disclosure reports, some bugs were in font libraries, and others were used to escape the sandbox in Chrome, and others were used to take control of the whole system, suggesting some of these bugs were part of a chain of vulnerabilities used to exploit victim’s devices.

So far, very little information has come out about who may have been using the exploits and who they were targeting. Often, bugs in modern software are found and are ethically disclosed by security researchers, which means that they are fixed before they are widely exploited to hack people. In this case, however, we know that the bugs were being used for hacking operations.

Last year, Google found a series of zero-days—vulnerabilities that at the time of discovery are unknown to the software maker—that spies were using to target the Uighur community. China has conducted a widespread, systemic campaign of physical and technical oppression and surveillance against the Muslim minority.

“This feels like spy shit.”

Unfortunately, this time we don’t know any details because Google—the only company that has the whole story behind these bugs—has not said much at all about how it found the bugs, who was using them, and whom they were being used against.

Notably, an update pushed to iOS 12 (which is two years old) patched the issue on phones dating back to the iPhone 5s and iPhone 6. Often, when updates are pushed to such old devices it means the bug is particularly bad, but, again, we do not know the specifics at this time.

“The fact that they updated iPhone 6 users means it was bad,” said a cybersecurity expert who asked not to be named because he wasn’t allowed to speak to the press. “That phone has been end of life for a while.”

“We’re not going to be able to offer much new info,” Google spokesperson Scott Westover said in an email on Monday.

Do you have any information on these vulnerabilities, or the hackers who used them? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, on Wickr at lorenzofb, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com.

Apple did not respond to requests for comment. A Microsoft spokesperson said in an email that the company “released security updates in November to address CVE-2020-17087. Customers who have applied the updates, or have automatic updates enabled, are protected.” The company also said that it has not seen evidence of exploitation in the wild.

Ben Hawkes, the head of Google Project Zero, the internet giant’s team of skilled hackers that is tasked with the mission of finding vulnerabilities in all kinds of software—not just Google’s—announced on Twitter over the last 10 days that his team had found all these vulnerabilities (seven in total.)

On Oct. 20, Google disclosed the first bug (CVE-2020-15999) in this series of vulnerabilities, a bug in FreeType, an open source font rendering software, was used to target Chrome, according to Hawkes.

Then, on Oct. 30, the first bug (CVE-2020-17087) to gather more attention in the press was a Windows bug that allowed hackers to escalate system privileges, meaning the hackers could jump from having control of one app to taking control of the whole victim’s system.

Finally, last week, Hawkes wrote on Twitter that Project Zero had also found zero-days for Chrome and Android (CVE-2020-16009 and CVE-2020-16010) that were exploited in the wild. The first one of these was used for “remote code execution,” technical jargon for hackers taking full control of an application or system.

Just three days later, Hawkes announced that Apple had fixed three critical bugs in iOS. Two of them in the kernel, the part of the operating system that has access to almost anything that’s happening on the phone, and one of them was also a font bug, vaguely reminiscent of the FreeType one that was disclosed on Oct. 20. This bug, according to Apple, allowed hackers to take control of the victim’s phone by sending them a file with a “maliciously crafted font.”

Shane Huntley, the head of Google’s Threat Analysis Group, a team that tracks hackers all over the internet, said on Twitter that these bugs were used for “targeted exploitation in the wild similar to the other recently reported 0days” and that these bugs had nothing to do with the U.S. elections.

“This feels like spy shit,” Ryan Stortz, a researcher who works the security consultancy firm Trail of Bits, told Motherboard.

Stortz said that he has not seen the details of the exploits and vulnerabilities—no one outside of Google and the companies that patched them have—but said that it looks like they could all be part of the same hacker group’s bug arsenal.

“It’s pretty damn rare for bugs like this to be cross platform. I think it’s more likely they found another waterhole site like with the Uighur bugs that had both chains.”

All these seven bugs are related to each other, according to a source with knowledge of the vulnerabilities, who asked to remain anonymous as they were not allowed to talk to the press.

In any case, some of these bugs were very critical and gave hackers a lot of power when they used them. The iOS bugs, for example, were so dangerous that Apple pushed updates not just for the current iOS 14, but also for the older, not usually supported, iOS 12.

This story was updated with a new statement from Microsoft saying they patched the vulnerability found by Project Zero.

Updated: 1-27-2021

Update Your iPhone: New Apple Updates Fix Potentially ‘Exploited’ Security Flaws

Apple released an update for iOS 14 to fix security vulnerabilities that it says “may have been actively exploited” by hackers.

The tech giant posted the news to its website Tuesday, announcing that it had released an update to patch three issues on the iPhone 6 and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).

Apple didn’t go into much detail, explaining that “for our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”

The issues are related to Apple’s WebKit — which CNN reports is an open-source browser that powers Safari and other iOS browsers — and Kernel, which TechCrunch called “the core of the operating system.”

Through the WebKit flaw, Apple said hackers “may be able to cause arbitrary code execution.” Through the Kernel vulnerability, Apple says “malicious application may be able to elevate privileges.”

To quote Jack Morse at Mashable, both are “not good.”

Apple said the issues were discovered by anonymous researchers and that more details would be available soon.

Downloading the new iOS 14.4 software for iPhones and iPads will patch these security vulnerabilities and also fix keyboard lag while equipping cameras to read smaller QR codes, CNN reported.

Back in November, Apple released iOS 14.2, which fixed 24 vulnerabilities on iPhones and iPads, Threat Post reported. The most recent flaws weren’t known at the time of that release, according to the outlet.

It’s not uncommon for hackers to gain access to devices through security updates.

According to Mashable, one Chinese hacking team’s whole technique was to wait for a company to announce a vulnerability then hack those who didn’t immediately update.

So don’t let that be you: Update your iPhone or iPad.

Apple Updates iOS To Fix Crypto Wallet Security Vulnerabilities

Coinbase’s head engineer is warning iOS users to update their mobile devices as soon as possible.

Apple has issued new security updates for its mobile operating system after the iPhone maker discovered vulnerabilities that could compromise cryptocurrency wallets.

The security updates, which were released Tuesday, affect iOS 14.4 and iPadOS 14.4. The vulnerabilities reportedly allowed hackers to gain remote access to a target system, thereby exposing the user’s cryptocurrency wallet.

Pete Kim, Coinbase’s head engineer, warned iPhone users to update their operating system immediately.

“If you are using a mobile crypto wallet on an iOS device, be sure to update iOS as soon as possible!” Kim tweeted Tuesday. “The update includes a fix for a remote arbitrary code execution vulnerability that may have been actively exploited.”

Coinbase’s mobile wallet is the 13th most downloaded finance app on the Apple Store.

Apple’s security updates are available for iPhone 6s and later, iPad Air 2 and later, iPad Mini 4 and later and the seventh-generation iPad Touch. The company said that the vulnerabilities “may have been actively exploited” by malicious actors.

Mobile wallets are a popular way for crypto users to store and transfer their digital assets. They also make it easier to spend cryptocurrency on everyday items.

Crypto infrastructure has been a primary target for hackers over the years, but the extent of the attacks has declined considerably. As Cointelegraph reported in November 2020, crypto-related attacks declined sharply over the course of 2020.

Mysterious Software Bugs Were,Mysterious Software Bugs Were,Mysterious Software Bugs Were,Mysterious Software Bugs Were,Mysterious Software Bugs Were,Mysterious Software Bugs Were,Mysterious Software Bugs Were,Mysterious Software Bugs Were,

 

 

Related Articles:

Dark Web Hackers Say They Hold Keys To 10,000 Robinhood Accounts #GotBitcoin

Hackers Steal $2.3 Million From Trump Wisconsin Campaign Account

Crypto Scammers Deface Trump Campaign Website One Week From Elections

Telecoms Protocol From 1975 Exploited To Target 20 Crypto Executives

With Traders Far From Offices, Banks Bring Surveillance To Homes

Financial Systems Set Up To Monitor Unemployment Insurance Fraud Are Being Overloaded (#GotBlockchain?)

A Millionaire Hacker’s Lessons For Corporate America

Container Shipping Line CMA CGM Says Data Possibly Stolen In Cyberattack

Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History

Hacker Releases Information On Las Vegas-Area Students After Officials Don’t Pay Ransom

Russian Troll Farms Posing As African-American Support For Donald Trump

US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists

These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier

Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off

Senate Panel’s Russia Probe Found Counterintelligence Risks In Trump’s 2016 Campaign

Bockchain Based Surveillance Camera Technology Detects Crime In Real-Time

Trump Bans TicToc For Violating Your Privacy Rights While Giving US-Based Firm Go Ahead (#GotBitcoin?)

Facebook Offers Money To Reel In TikTok Creators

How A Facebook Employee Helped Trump Win—But Switched Sides For 2020

Facebook Rebuffs Barr, Moves Ahead on Messaging Encryption

Facebook Ad Rates Fall As Coronavirus Undermines Ad Spending

Facebook Labels Trump Posts On Grounds That He’s Inciting Violence

Crypto Prediction Markets Face Competition From Facebook ‘Forecasts’ (#GotBitcoin?)

Coronavirus Is The Pin That Burst Facebook And Google Online Ads Business Bubble

OpenLibra Plans To Launch Permissionless Fork Of Facebook’s Stablecoin (#GotBitcoin?)

Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)

FTC Approves Roughly $5 Billion Facebook Settlement (#GotBitcoin?)

How Facebook Coin’s Big Corporate Backers Will Profit From Crypto

Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)

A Monumental Fight Over Facebook’s Cryptocurrency Is Coming (#GotBitcoin?)

Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)

Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)

Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)

Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)

Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)

Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)

New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)

Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)

Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)

Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Maxine Waters (D., Calif.) Rises As Banking Industry’s Overseer (#GotBitcoin?)

FICO Plans Big Shift In Credit-Score Calculations, Potentially Boosting Millions of Borrowers (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply