Hello, welcome to the Thursday, January 9th, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

And just the day after Mozilla released Firefox 72, Mozilla found it necessary to release yet another update for Firefox 72.0.1.

This update fixes a single critical flaw.

It's a type confusion in the Ein Monkey Just in Time compiler.

These Just in Time compilers have had a lot of issues quite complex,

but they're trying to accomplish here. And the reason they sort of pushed out this update so quickly

it was that this vulnerability is already exploited in targeted attacks in the wild.

So that's why you may see this minor update for Firefox updating

to 72.0.1. Trend Micro found three applications in the Google Play Store that took advantage of CVE 2019-2215.

This was a vulnerability in Binder, the inter-processed communication on Android and allowed

for privilege escalation.

It was fixed by Google in October, but these applications actually started showing up in the Google Play Store as far back as March, according to Trend Micro.

This vulnerability has been exploited in some targeted attacks.

So kind of interesting to have applications in the Play Store exploiting this

vulnerability a few months ahead of it, actually sort of being publicly known and patched.

This vulnerability has been used by the NSO group, which is also known sort of as the Sidewinder, APT in some circles.

So Trent Micro suggests that NSO Group was the one or one of their customers.

NSO Group heavily sells Malware as well, has placed these applications in the Google Play Store in order to infect targets.

The applications themselves are not really all that terribly remarkable.

They appear to be functional.

One is called Camero, which is sort of a camera application.

...