The University of Toronto’s Citizen Lab group and Google’s Threat Analysis Group recently discovered three zero-days: CVE-2023-41991 (signature verification bypass), CVE-2023-41992 (local privilege escalation), and CVE-2023-41993 (arbitrary code execution via malicious webpage). A threat actor chained the zero-days in a spyware attack against Egyptian lawmaker Ahmed Altantawy.

A threat actor infected the opposition leader’s cellphone with Predator spyware through a man-in-the-middle attack, an approach that typically indicates a well-resourced, state-sponsored group is behind the operation. Egypt is a known Predator spyware customer, and the threat actor likely conducted the operation with approval from Egyptian authorities. Apple patched the three vulnerabilities in its most recent software update. Google also discovered an exploit chain designed for Android devices in Egypt; that chain leveraged the Chrome vulnerability CVE-2023-4762 for remote code execution, which Google patched in early September.
