Google’s Threat Analysis Group (TAG) says it has discovered “five separate, complete and unique” iPhone exploit chains, used by a group making a “sustained effort to hack the users of iPhones in certain communities” over at least two years. The attacker had set up several websites that delivered sophisticated malware indiscriminately to visiting iPhone users, using 14 vulnerabilities and at least one so-called zero day to track location, read encrypted messages and steal files.
Not for the first time, cybercriminals are targeting an important part of Android’s core software called the Android Debug Bridge (ADB). Normally the only people who pay any attention to the ADB are developers and device makers who use it as a terminal for debugging purposes. It’s supposed to be deactivated after the debugging is done. Unfortunately, it seems that ADB is being left active on some set-top boxes (STBs) and TVs built around a stripped-down version of Android called the Android OS (as distinct from the flavour of Android that runs smartphones, the Wear OS used by Android watches, and unrelated Chrome OS used by Google’s Chromecast and assorted Chromebooks).
Bug bounty programs have become a popular way for developers to track down security issues in software, but big pay-outs are not something that every company can afford. In a bid to keep its Android platform secure, Google has announced that its own bug bounty program is being expanded to include all big Android apps, regardless of who develops them. The company will reward security researchers who find bugs in any app in the Google Play Store with 100 million or more installs.
Google is patching a serious bug in the desktop version of its Chrome browser that could let an attacker take over a computer simply by luring users to a website. A fix for the bug, which affects the desktop version of Chrome on macOS, Windows, and Linux, will be available in the coming days, the company said. The flaw doesn’t affect the iOS or Android versions of Chrome. The bug lies in Blink, the rendering engine that underpins Chrome. A rendering engine is the part of the browser that interprets HTML and creates the visuals you see when you visit a website.
