Spyware Vendor Candiru Abused Chrome Zero-day to Spy on High-Interest Targets
The Israeli spyware vendor Candiru was abusing Chrome zero-day by using DevilsTongue spyware to collect data on high-interest targets. The vulnerability in question is a high-severity-heap-based buffer overflow in WebRTC, which allows attackers to execute code on the target device remotely. The flaw has been patched by Google on July 4th, but the details of ongoing attacks are only becoming known now. Read more...