Submitted via IRC for SoyCow3941
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they uploaded a weaponized PDF file to a public malware scanning engine.
The zero-days were spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which, in turn, had them patched within two months.
Anton Cherepanov, the ESET researcher who spotted the zero-days hidden inside the sea of malware samples, believes he caught the zero-days while the mysterious hacker(s) were still working on fine-tuning their exploits.
"The sample does not contain a final payload, which may suggest that it was caught during its early development stages," Cherepanov said.
The two zero-days are CVE-2018-4990, affecting Adobe's Acrobat/Reader PDF viewer, and CVE-2018-8120, affecting the Win32k component of Windows.
(Score: -1, Troll) by Anonymous Coward on Saturday May 19 2018, @05:59PM (1 child)
If you're telling the truth, you're scum who should be killed.
If you're lying, you're scum who should be killed.
Kill yourself and save us the trouble.
(Score: 0) by Anonymous Coward on Saturday May 19 2018, @06:36PM
We provide a needed service. We charge the market rate; feel free to bid on the contracts if you think you can do it cheaper.
Throwing a $billion at this stuff is enough for hundreds of 0-day exploits. That is pocket change for the US government.
Stuxnet is a great example. It had multiple 0-day exploits and some extra code. All together, it probably went for $50 million. It set back Iran's nuclear weapons program by years. That was a bargain.
People may have died because of my work. I like that.