Hackers infecting all OS

[Dannydet]

Ars Technica: “Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users.
https://arstechnica.com/information...days-to-infect-windows-ios-and-android-users/

 

[Unforgiven]

Oh yay!!! Just the news I want for my Friday morning.

 

[9cc3985ae3094d8b]

> I don't think the quote marks are needed around "Expert" in the title. Whatever group carried out these attacks are clearly experts at what they do. <
Stole this from the article's comments, but I feel the exact same way.
Pretty impressive work. Illegal - but still impressive.

 

[Davdi]

SO, it appears to only target Google Chrome and Apple's Safari browsers. was the Open Source Chromium (and derivatives), or Firefox also affected?

 

[Dannydet]

That's a good question...

 

[9cc3985ae3094d8b]

SO, it appears to only target Google Chrome and Apple's Safari browsers. was the Open Source Chromium (and derivatives), or Firefox also affected?

Well, these are the 11 vulnerabilities:
CVE-2020-6418 - Chrome Vulnerability in TurboFan (fixed February 2020)
CVE-2020-0938 - Font Vulnerability on Windows (fixed April 2020)
CVE-2020-1020 - Font Vulnerability on Windows (fixed April 2020)
CVE-2020-1027 - Windows CSRSS Vulnerability (fixed April 2020)
CVE-2020-15999 - Chrome Freetype heap buffer overflow
CVE-2020-17087 - Windows heap buffer overflow in cng.sys
CVE-2020-16009 - Chrome type confusion in TurboFan map deprecation
CVE-2020-16010 - Chrome for Android heap buffer overflow
CVE-2020-27930 - Safari arbitrary stack read/write via Type 1 fonts
CVE-2020-27950 - iOS XNU kernel memory disclosure in mach message trailers
CVE-2020-27932 - iOS kernel type confusion with turnstiles

Looks to me, like Firefox wasn't affected.
As for Chromium...can't tell. I don't know how similar Chrome and Chromium are.