The backdoor can execute instructions and lets attackers obtain extra modules onto the sufferer’s machine, ESET analysis finds
26 Nov 2024
ESET researchers have uncovered two beforehand unknown vulnerabilities in a number of Mozilla merchandise and in Home windows, with each flaws below lively exploitation by RomCom, a Russia-aligned group identified for opportunistic campaigns towards chosen enterprise verticals and focused espionage operations alike.
- CVE-2024-9680 is a use-after-free bug that enables weak variations of Firefox, Thunderbird, and the Tor Browser to execute code within the restricted context of the browser. Mozilla patched the vulnerability on October 9th, 2024.
- CVE‑2024‑49039 is a privilege escalation bug in Home windows that enables code to run outdoors of Firefox’s sandbox. Microsoft launched a patch for this second vulnerability on November 12th, 2024.
Chaining the 2 flaws permits dangerous actors to run arbitrary code within the context of the logged-in consumer – and with none consumer interplay – in a so-called zero-click exploit. In campaigns noticed by ESET, this led to the set up of RomCom’s eponymous backdoor on the sufferer’s pc. The backdoor can execute instructions and obtain extra modules to the sufferer’s machine.
What precisely does the compromise chain contain and what else is there to know concerning the vulnerabilities and the exploits abusing them? Discover out within the video by ESET Chief Safety Evangelist Tony Anscombe and you should definitely additionally learn the complete blogpost.
