Submitted via IRC for SoyCow3941
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they uploaded a weaponized PDF file to a public malware scanning engine.
The zero-days were spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which, in turn, had them patched within two months.
Anton Cherepanov, the ESET researcher who spotted the zero-days hidden inside the sea of malware samples, believes he caught the zero-days while the mysterious hacker(s) were still working on fine-tuning their exploits.
"The sample does not contain a final payload, which may suggest that it was caught during its early development stages," Cherepanov said.
The two zero-days are CVE-2018-4990, affecting Adobe's Acrobat/Reader PDF viewer, and CVE-2018-8120, affecting the Win32k component of Windows.
(Score: 3, Insightful) by requerdanos on Saturday May 19 2018, @06:31PM
Okay. To determine whether an exploit is "fully working", "partially working", "an abject failure non-working", and so on, it's necessary to first know what the exploit was intended to do in the mind of its source, in order to compare that to the effect that the exploit actually has.
Since we don't have this, "fully-working" is meaningless. (And "zero-days" just means "zero-day exploits." Thus)
Now. Something that does not work is not an exploit, by definition. Something that is an exploit, by definition, works. Like "fully", the word "working" is just clickbaity padding. Down to:
Now, to determine whether the disclosure was accidental, again we need to know the mind of the uploader. We don't. "Accidentally exposed" becomes merely "uploaded."
Since they were uploaded to "a public malware scanning engine" by persons unidentified, we are left with
Which isn't nearly exciting in a clickbaity way.
Maybe it's a super-exciting derring-do hacker spy thing, sure, but no evidence of such has been presented.