• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Zero-Day Exploits Infect Windows and Android Devices

You are here: Home / General / Zero-Day Exploits Infect Windows and Android Devices

It’s not every day that Google researchers warn us about cyber-attacks that involve undetected vulnerabilities or, in cyber jargon, zero-day exploits. Recently, a sophisticated threat actor managed to exploit vulnerabilities in Chrome and Windows in order to install malware on devices that run Android and Windows operating systems.

These vulnerabilities were not known to Google at the time. The hackers delivered the exploits through a strategy called a watering hole attack, which takes advantage of compromised sites that are visited by frequent users to lace the site with malicious code. The code then installs malware to the user’s device.

The four zero-day exploits

  • CVE-2020-6418 Chrome vulnerability in Turbofan
  • CVE-2020-0938 Font vulnerability on Windows
  • CVE-2020-1020 Font vulnerability on Windows
  • CVE-2020-1027 Windows CSRSS vulnerability

The above vulnerabilities have now been fixed and patched.

The attackers were able to obtain remote code execution by exploiting the Chrome zero-day. They have not yet exploited the Android zero-day. The Project Zero research team has published six installments that outline the details of the exploits and post-exploits payloads, with the intention that those installments will help the security community to combat complex malware operations.

For more information on system security, contact Agilient’s cybersecurity and consulting experts.

Tweet
Share

General Android,  Chrome,  cybersecurity,  Google,  malware,  Project Zero,  zero-day exploits

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2021 Agilient · Level 3, 655 Pacific Highway, St Leonards, NSW 2065 · 1300 341 692