Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday June 24 2019, @09:37AM   Printer-friendly
from the need-more-cowbell^W-blockchain dept.

Hackers exploited a pair of potent zero-day vulnerabilities in Firefox to infect Mac users with a largely undetected backdoor, according to accounts pieced together from multiple people.

Mozilla released an update on Tuesday that fixed a code-execution vulnerability in a JavaScript programming method known as Array.pop. On Thursday, Mozilla issued a second patch fixing a privilege-escalation flaw that allowed code to break out of a security sandbox that Firefox uses to prevent untrusted content from interacting with sensitive parts of a computer operating system. Interestingly, a researcher at Google's Project Zero had privately reported the code-execution flaw to Mozilla in mid April.

On Monday, as Mozilla was readying a fix for the array.pop flaw, unknown hackers deployed an attack that combined working exploits for both vulnerabilities. The hackers then used the attack against employees of Coinbase, according to Philip Martin, chief information security officer for the digital currency exchange.

"We've seen no evidence of exploitation targeting customers," Martin added. "We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted." Martin also published cryptographic hashes of code used in the attack, along with IP addresses the code contacted.

https://arstechnica.com/information-technology/2019/06/potent-firefox-0day-used-to-install-undetected-backdoors-on-macs/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by edIII on Monday June 24 2019, @10:17PM

    by edIII (791) on Monday June 24 2019, @10:17PM (#859522)

    Reminds me of a saying, "If a tree falls in the middle of forest, and hits a mime, does anybody care?"

    This is like a walled garden of happy shiny chickens. FireFox went through the backdoor, and killed a bunch of chickens. Yet, you look in the garden today and can only see happy shiny chickens clucking about pecking out tweets like nothing happened.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2