Video
The backdoor can execute commands and lets attackers download further modules onto the victim’s machine, ESET research finds

26 Nov 2024
ESET researchers have uncovered two previously unknown vulnerabilities in several Mozilla products and in Windows, with both flaws under active exploitation by RomCom, a Russia-aligned group known for opportunistic campaigns against selected business verticals and targeted espionage operations alike.
- CVE-2024-9680 is a use-after-free bug that allows vulnerable versions of Firefox, Thunderbird, and the Tor Browser to execute code in the restricted context of the browser. Mozilla patched the vulnerability on October 9th, 2024.
- CVE‑2024‑49039 is a privilege escalation bug in Windows that allows code to run outside of Firefox’s sandbox. Microsoft released a patch for this second vulnerability on November 12th, 2024.
Chaining the two flaws allows bad actors to run arbitrary code in the context of the logged-in user – and without any user interaction – in a so-called zero-click exploit. In campaigns observed by ESET, this led to the installation of RomCom’s eponymous backdoor on the victim’s computer. The backdoor can execute commands and download further modules to the victim’s machine.
What exactly does the compromise chain involve and what else is there to know about the vulnerabilities and the exploits abusing them? Find out in the video by ESET Chief Security Evangelist Tony Anscombe and be sure to also read the full blogpost.