{"vulnerability": "CVE-2020-1600", "sightings": [{"uuid": "d439d9eb-e3d9-4396-b42c-e2b92ea1c1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "438653c9-1c84-4f4b-9336-075d46cff95d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "04e5756d-f789-415a-869f-0b1f9419b343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "MISP/62115025-92d8-4afc-a72b-4716c32d34df", "content": "", "creation_timestamp": "2024-11-14T06:07:08.000000Z"}, {"uuid": "e76b3849-4d06-409e-9951-004a70e19915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971077", "content": "", "creation_timestamp": "2024-12-24T20:23:55.379058Z"}, {"uuid": "69c81025-7507-47ba-b3ab-1d7cfd09d67d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/google-julkaisi-korjaavia-paivityksia-chrome-selainten-kriittisiin-haavoittuvuuksiin", "content": "", "creation_timestamp": "2020-11-04T13:01:05.000000Z"}, {"uuid": "a2dab3ce-e75b-44ff-a680-4bb56e1d76dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:46.000000Z"}, {"uuid": "727a49af-7a78-4c4c-9630-9cd10be63e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "published-proof-of-concept", "source": "https://t.me/cKure/2725", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2020-16009: v8 #0day\n\nhttps://chromium.googlesource.com/v8/v8.git/+/3ba21a17ce2f26b015cc29adc473812247472776%5E%21/#F3 | #Zeroday", "creation_timestamp": "2020-11-06T13:19:19.000000Z"}, {"uuid": "08d88f35-3767-473e-a65f-07ba3ee474bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-16009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/089102d9-d75d-4551-9174-db521c2bd1e3", "content": "", "creation_timestamp": "2026-02-02T12:28:44.804684Z"}, {"uuid": "dcfa0e4e-1022-4d9b-b04d-10be1c47108c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "https://t.me/cyberbannews_ir/2058", "content": "\ud83d\uded1\u0631\u0641\u0639 \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0648\u0632 \u0635\u0641\u0631 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u06a9\u0631\u0648\u0645\n\n\u0634\u0631\u06a9\u062a \u06af\u0648\u06af\u0644 \u0628\u0647\u200c\u062a\u0627\u0632\u06af\u06cc \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0631\u0648\u0631\u06af\u0631 \u06a9\u0631\u0648\u0645 \u0631\u0627 \u06a9\u0647 \u0647\u06a9\u0631\u0647\u0627 \u0627\u0632 \u0622\u0646\u200c\u0647\u0627 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u06cc\u200c\u06a9\u0631\u062f\u0646\u062f\u060c \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f. \n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u06a9\u0647 \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc \u00abCVE-2020-16013\u00bb \u0648 \u00abCVE-2020-16017\u00bb \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0686\u0647\u0627\u0631\u0645\u06cc\u0646 \u0648 \u067e\u0646\u062c\u0645\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0632\u06cc\u0631\u0648\u062f\u06cc \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u0637\u06cc \u0686\u0646\u062f \u0647\u0641\u062a\u0647 \u06af\u0630\u0634\u062a\u0647 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc\u200c\u0634\u062f\u0647\u200c\u0627\u0646\u062f. \n\n\u0646\u0642\u0635\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u0630\u06a9\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u0646\u0633\u062e\u0647 86.0.4240.198 \u06a9\u0631\u0648\u0645 \u0628\u0631\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u060c \u0645\u06a9 \u0648 \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0628\u0631\u0637\u0631\u0641 \u0634\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u0628\u0631\u062e\u0644\u0627\u0641 \u0633\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u067e\u06cc\u0634\u06cc\u0646 \u062a\u0648\u0633\u0637 \u06a9\u0627\u0631\u0634\u0646\u0627\u0633\u0627\u0646 Google Project Zero \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0646\u0634\u062f\u0647\u200c\u0627\u0646\u062f \u0648 \u0645\u062d\u0642\u0642\u0627\u0646 \u0646\u0627\u0634\u0646\u0627\u0633 \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 \u062a\u0634\u062e\u06cc\u0635 \u0648 \u06af\u0632\u0627\u0631\u0634 \u062f\u0627\u062f\u0647\u200c\u0627\u0646\u062f. \n\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 \u00abCVE-2020-16013\u00bb \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u0646\u0627\u062f\u0631\u0633\u062a \u0645\u0648\u062a\u0648\u0631 V8 \u062c\u0647\u062a \u0631\u0646\u062f\u0631 \u06a9\u0631\u062f\u0646 \u062c\u0627\u0648\u0627 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 9 \u0646\u0648\u0627\u0645\u0628\u0631 2020 \u062f\u0631 \u0645\u0648\u0631\u062f \u0622\u0646 \u0628\u0647 \u06af\u0648\u06af\u0644 \u06af\u0632\u0627\u0631\u0634\u200c\u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u0646\u0642\u0635 \u0627\u0645\u0646\u06cc\u062a\u06cc \u00abCVE-2020-16009\u00bb \u0646\u06cc\u0632 \u06a9\u0647 \u0627\u062e\u06cc\u0631\u0627\u064b \u0648\u0635\u0644\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u0646\u0627\u062f\u0631\u0633\u062a \u0645\u0648\u062a\u0648\u0631 V8 \u0628\u0648\u062f\u0647 \u0648 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u06a9\u062f \u0631\u0627 \u0645\u06cc\u200c\u062f\u0647\u062f. \n\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 \u00abCVE-2020-16017\u00bb \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u062e\u062a\u0644\u0627\u0644 \u062f\u0631 \u062d\u0627\u0641\u0638\u0647 \u0648 \u0627\u0632 \u0646\u0648\u0639 UAF \u0627\u0633\u062a \u06a9\u0647 7 \u0646\u0648\u0627\u0645\u0628\u0631 \u062f\u0631 \u0645\u0648\u0631\u062f \u0622\u0646 \u0628\u0647 \u0634\u0631\u06a9\u062a \u0627\u0637\u0644\u0627\u0639\u200c\u0631\u0633\u0627\u0646\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n#\u06af\u0648\u06af\u0644\n\n@cyberbannews_ir", "creation_timestamp": "2020-11-16T11:06:45.000000Z"}, {"uuid": "d58da532-494d-43b8-bf17-c50c393bc8c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "exploited", "source": "https://t.me/CyberGovIL/926", "content": "[\u05e2\u05d3\u05db\u05d5\u05df] \u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea ZeroDay \u05d1\u05d3\u05e4\u05d3\u05e4\u05df \u05db\u05e8\u05d5\u05dd \u05de\u05e0\u05d5\u05e6\u05dc\u05d5\u05ea \u05d1\u05e4\u05d5\u05e2\u05dc \u05d1\u05e2\u05d5\u05dc\u05dd | Com1523\n\n\u05dc\u05d0\u05d7\u05e8\u05d5\u05e0\u05d4 \u05e4\u05e8\u05e1\u05de\u05d4 \u05d2\u05d5\u05d2\u05dc \u05e2\u05d3\u05db\u05d5\u05df \u05d0\u05d1\u05d8\u05d7\u05d4 \u05dc\u05d3\u05e4\u05d3\u05e4\u05df \u05db\u05e8\u05d5\u05dd \u05e2\u05d1\u05d5\u05e8 \u05de\u05e1\u05e4\u05e8 \u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d1\u05e1\u05d9\u05db\u05d5\u05df \u05d2\u05d1\u05d5\u05d4.\n\n\u05d0\u05d7\u05ea \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d4\u05d9\u05d0 \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea ZeroDay (\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05e9\u05dc\u05d0 \u05d4\u05d9\u05d9\u05ea\u05d4 \u05d9\u05d3\u05d5\u05e2\u05d4 \u05dc\u05d9\u05e6\u05e8\u05df) \u05d4\u05de\u05e0\u05d5\u05e6\u05dc\u05ea \u05d1\u05e4\u05d5\u05e2\u05dc \u05e2\u05dc \u05d9\u05d3\u05d9 \u05ea\u05d5\u05e7\u05e4\u05d9\u05dd \u05d1\u05e2\u05d5\u05dc\u05dd.\n\n[\u05e2\u05d3\u05db\u05d5\u05df] \u05e4\u05d5\u05e8\u05e1\u05dd \u05e2\u05d3\u05db\u05d5\u05df \u05d0\u05d1\u05d8\u05d7\u05d4 \u05dc\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea ZeroDay \u05e0\u05d5\u05e1\u05e4\u05d5\u05ea (CVE-2020-15999\u05d5-CVE-2020-16009).\n\n[\u05e2\u05d3\u05db\u05d5\u05df] \u05d2\u05d5\u05d2\u05dc \u05e4\u05e8\u05e1\u05de\u05d4 \u05e9\u05ea\u05d9 \u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea zero-day \u05e0\u05d5\u05e1\u05e4\u05d5\u05ea (CVE-2020-16013 \u05d5-CVE-2020-16017).\n\n\u05de\u05d5\u05de\u05dc\u05e5 \u05dc\u05d1\u05d7\u05d5\u05df \u05d5\u05dc\u05e2\u05d3\u05db\u05df \u05d4\u05d3\u05e4\u05d3\u05e4\u05df \u05d1\u05d4\u05e7\u05d3\u05dd \u05d4\u05d0\u05e4\u05e9\u05e8\u05d9.", "creation_timestamp": "2020-11-12T11:41:01.000000Z"}, {"uuid": "e2a09740-3bcd-436a-831c-7d39d68b349e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "exploited", "source": "https://t.me/true_secator/1109", "content": "Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0434\u0435\u0441\u043a\u0442\u043e\u043f \u0432\u0435\u0440\u0441\u0438\u0438 Chrome, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 10 \u043e\u0448\u0438\u0431\u043e\u043a, \u0441\u0440\u0435\u0434\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0434\u043d\u0430, CVE-2020-16009, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e.\n\n\u041f\u043e\u043a\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0442, \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u0447\u0442\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e - \u043e\u0448\u0438\u0431\u043a\u0430 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 V8, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u043c \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 JavaScript \u0438 \u0431\u044b\u043b\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0439 \u0433\u0440\u0443\u043f\u043f\u043e\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f CVE-2020-16009 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 (RCE). Google \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442, \u0447\u0442\u043e \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043d\u043e \u043e\u043f\u044f\u0442\u044c \u0436\u0435 \u0431\u0435\u0437 \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u0434\u0435\u0442\u0430\u043b\u0435\u0439.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2020-16010 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 Google \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 Chrome \u0434\u043b\u044f Android. \u0422\u0430\u043a\u0436\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043e \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a RCE \u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0430\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 - \u044d\u0442\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e, \u0442\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Chrome \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f.", "creation_timestamp": "2020-11-03T10:17:17.000000Z"}, {"uuid": "b859ce81-bf28-46a3-97d7-82379837e185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "https://t.me/thesammymove/2824", "content": "Be prepared to update your chrome browsers once again\ud83d\udea8\n\nChannel:@thesammymove\n#thesammymovenews \n\n\n\ud83d\udc68\u200d\ud83d\udcbbIs Chrome further safe to use? \n-This is the third report on safety vulnerability by @thesammymove.\nFirst: t.me/thesammymove/1077\nSecond: t.me/thesammymove/946\n \n\ud83d\udea8This disclosure brings to five the total number of actively exploited flaws found in Chrome within the last three weeks.\n\n\ud83d\udea8Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software.\n\n1. CVE-2020-16017 is described by Google as a \u201cuse-after-free in site isolation,\u201d which is the Chrome component that isolates the data of different sites from each other.\n-To exploit it, a remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system,\u00a0according to researchers\u00a0at Czech firm Cybersecurity Help.\n\n2. CVE-2020-16013 meanwhile is an \u201cimproperly implemented security check for standard\u201d bug, which is a type of flaw where\u00a0 the software does not implement or incorrectly implements one or more security-relevant checks. \n-In this particular case, Google described the bug as an \u201cinappropriate implementation in V8,\u201d which is an open-source component of Chrome that handles JavaScript and WebAssembly.\n-To exploit it, a remote attacker can also create a specially crafted web page, trick the victim into visiting it and then be able to compromise the system, Cybersecurity Help noted.\n\n3. Another zero-day that Google\u00a0patched earlier\u00a0this month, CVE-2020-16009, also was due to an inappropriate implementation of V8, but it\u2019s unknown whether the two flaws are related.\n\n-Google typically refrains from providing specific details about vulnerabilities until well after they are patched.\n\nRead also,\n\u2705HOW TO GET FREE N1,000 WITHDRAWABLE TO YOUR BANK\nCLICK \ud83d\udc49HERE\ud83d\udc48", "creation_timestamp": "2020-11-13T13:41:34.000000Z"}, {"uuid": "4df982cd-3dc7-43c7-95c2-1d12516c594a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "exploited", "source": "https://t.me/thesammymove/1143", "content": "Be prepared to update your chrome browsers once again\ud83d\udea8\n\nChannel:@thesammymove\n#thesammymovenews \n\n\n\ud83d\udc68\u200d\ud83d\udcbbIs Chrome further safe to use? \n-This is the third report on safety vulnerability by @thesammymove.\nFirst: t.me/thesammymove/1077\nSecond: t.me/thesammymove/946\n \n\ud83d\udea8This disclosure brings to five the total number of actively exploited flaws found in Chrome within the last three weeks.\n\n\ud83d\udea8Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software.\n\n1. CVE-2020-16017 is described by Google as a \u201cuse-after-free in site isolation,\u201d which is the Chrome component that isolates the data of different sites from each other.\n-To exploit it, a remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system,\u00a0according to researchers\u00a0at Czech firm Cybersecurity Help.\n\n2. CVE-2020-16013 meanwhile is an \u201cimproperly implemented security check for standard\u201d bug, which is a type of flaw where\u00a0 the software does not implement or incorrectly implements one or more security-relevant checks. \n-In this particular case, Google described the bug as an \u201cinappropriate implementation in V8,\u201d which is an open-source component of Chrome that handles JavaScript and WebAssembly.\n-To exploit it, a remote attacker can also create a specially crafted web page, trick the victim into visiting it and then be able to compromise the system, Cybersecurity Help noted.\n\n3. Another zero-day that Google\u00a0patched earlier\u00a0this month, CVE-2020-16009, also was due to an inappropriate implementation of V8, but it\u2019s unknown whether the two flaws are related.\n\n-Google typically refrains from providing specific details about vulnerabilities until well after they are patched.\n\nRead also\ud83d\udea8\n-DEPOSIT N50 TO GET N550 trick\ud83d\udc47\nt.me/thesammymove/1514\n\n-EARN CRYPTO,AIRTIME,DATA AND CASH\ud83d\udc47\nt.me/thesammymove/1692\n\n- FREE N1,000 TRICK \ud83d\udc47\nt.me/thesammymove/999", "creation_timestamp": "2021-04-09T02:45:23.000000Z"}, {"uuid": "30fe5ec4-c46c-4be3-89b8-94a6a60a7cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "seen", "source": "https://t.me/NeKaspersky/216", "content": "Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0434\u0435\u0441\u043a\u0442\u043e\u043f \u0432\u0435\u0440\u0441\u0438\u0438 Chrome. \n\n\u0412 \u043d\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 10 \u043e\u0448\u0438\u0431\u043e\u043a, \u0441\u0440\u0435\u0434\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0434\u043d\u0430, CVE-2020-16009, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e. \n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0434\u0432\u0438\u0436\u043a\u0435, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u043c \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 JavaScript. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f CVE-2020-16009 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 (RCE).  \u0415\u0449\u0451 \u043e\u0434\u043d\u0430 zero-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2020-16010 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 Chrome \u0434\u043b\u044f Android. \n\n#\u041d\u0435\u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u0438\u0439 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0442\u0435, \u0447\u0442\u043e \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u043e \u0432\u0441\u0435\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0412\u044b \u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0435\u0441\u044c. \u042d\u0442\u043e \u043f\u0440\u043e\u0441\u0442\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u043d\u0441\u043d\u043e\u0441\u0442\u0438 \u0412\u0430\u0448\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.", "creation_timestamp": "2020-11-03T16:42:14.000000Z"}, {"uuid": "7f2b4859-ccc8-455c-a117-1509d24ba7d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "exploited", "source": "https://t.me/true_secator/1538", "content": "\u200b\u200b\u0412 \u044f\u043d\u0432\u0430\u0440\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u0430 Google Project Zero \u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u0442\u044c \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u044b \u0441\u0435\u0440\u0438\u0438 \"\u0412 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435\" \u043f\u0440\u043e \u0441\u0432\u043e\u044e \u043d\u043e\u0432\u0443\u044e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u044d\u0442\u043e\u0439 \u0441\u0430\u043c\u043e\u0439 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \n\n\u0412 \u0446\u0438\u043a\u043b\u0435 \u0438\u0437 \u0448\u0435\u0441\u0442\u0438 \u0441\u0442\u0430\u0442\u0435\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438 \u043f\u0440\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2020 \u0433\u043e\u0434\u0430 \u043a\u0438\u0431\u0435\u0440\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u043f\u043e \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Windows \u0438 Android \u0447\u0435\u0440\u0435\u0437 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u0432\u043e\u0434\u043e\u043f\u043e\u0439. \u0422\u043e\u0433\u0434\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u0440\u0430\u0437\u0443 \u0447\u0435\u0442\u044b\u0440\u0435 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0447\u0442\u043e \u0441\u0430\u043c\u043e \u043f\u043e \u0441\u0435\u0431\u0435 \u0432\u0435\u0441\u044c\u043c\u0430 \u043a\u0440\u0443\u0442\u043e.\n\n\u041d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u0438 \u0430\u0432\u0442\u043e\u0440\u0430 \u044d\u0442\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 Google \u0442\u043e\u0433\u0434\u0430 \u043d\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u0438. \u0421\u0443\u0434\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0448\u043b\u0438 \u043a\u0443\u0441\u043e\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u043a\u0440\u0443\u0442\u043e\u0439 \u0438 \u0445\u043e\u0440\u043e\u0448\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u043d\u043e\u0439 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u0435\u0435 \u0432\u0441\u0435\u0433\u043e \u043f\u0440\u043e\u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 APT. \u041d\u043e \u0442\u0430\u043a \u0438 \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0445\u043e\u0442\u044c \u043a\u0430\u043a\u0438\u0435-\u0442\u043e \u0432\u044b\u0432\u043e\u0434\u044b \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0438 \u0446\u0435\u043b\u0435\u0439 \u0432\u0441\u043a\u0440\u044b\u0442\u043e\u0439 \u043a\u0438\u0431\u0435\u0440\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u0412\u0447\u0435\u0440\u0430 Google Project Zero \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u043e\u0442\u0447\u0435\u0442, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438 \u043f\u0440\u043e \u043d\u043e\u0432\u0443\u044e \u043a\u0438\u0431\u0435\u0440\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u044d\u0442\u043e\u0439 \u0436\u0435 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u043c\u0438 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430. \u0418 \u0432 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 APT (\u0430 \u043c\u044b \u0431\u0443\u0434\u0435\u043c \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u0438\u043c\u0435\u043d\u043d\u043e \u043f\u0440\u043e\u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f APT) \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0443\u0436\u0435 \u0441\u0435\u043c\u044c (!) 0-day.\n\nProject Zero \u043d\u0430\u0448\u043b\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0432\u043e\u0434\u043e\u043f\u043e\u0439 \u043b\u0435\u0433\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0430\u0439\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u043b\u0438 \u043f\u043e\u0441\u0435\u0442\u0438\u0432\u0448\u0438\u0445 \u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430 \u043e\u0434\u0438\u043d \u0438\u0437 \u0434\u0432\u0443\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432. \u041a\u0430\u0436\u0434\u044b\u0439 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0441\u0432\u043e\u044e \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0442\u043e\u0433\u043e, \u0438\u0437-\u043f\u043e\u0434 \u043a\u0430\u043a\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e.\n\n\u0421\u0435\u0440\u0432\u0435\u0440 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u21161 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0440\u0430\u0436\u0430\u043b \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441 iOS \u0438 Windows, \u043e\u0434\u043d\u0430\u043a\u043e \u043a\u043e\u0433\u0434\u0430 \u0432\u0442\u043e\u0440\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0431\u044b\u043b \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d (\u0441\u0443\u0434\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u0441\u0430\u043c\u0438\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0448\u0438\u043c\u0438 \u043f\u0440\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u043a \u043d\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0430 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0438\u043d\u0444\u043e\u0441\u0435\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439) \u043e\u043d \u043d\u0430\u0447\u0430\u043b \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 CVE-2020-16009 \u043a Android. \u041e\u0441\u0442\u0430\u0432\u0430\u043b\u0441\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u0431\u043e\u043b\u0435\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u0441 \u0442\u043e\u0433\u043e \u043c\u043e\u043c\u0435\u043d\u0442\u0430, \u043a\u0430\u043a \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0441\u0442\u0430\u043b\u0438 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b. \n\n\u0421\u0435\u0440\u0432\u0435\u0440 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u21162 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Android \u0438 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0441\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u043b\u0438\u0448\u044c 36 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0431\u044b\u043b \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d. \n\n\u0412\u0441\u0435\u0433\u043e Project Zero \u0441\u043c\u043e\u0433\u043b\u0438 \u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b:\n1. \u041e\u0434\u043d\u0430 \u043f\u043e\u043b\u043d\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u0430\u044f \u043d\u0430 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u0443\u044e Windows 10 \u0441 Google Chrome.\n2. \u0414\u0432\u0435 \u0447\u0430\u0441\u0442\u0438\u0447\u043d\u044b\u0435 \u0446\u0435\u043f\u043e\u0447\u043a\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 Android \u0441 Google Chrome \u0438\u043b\u0438 Samsung Browser.\n3. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b RCE \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043b\u044f iOS 11-13. \n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0434\u0440\u0443\u0433\u0438\u0445 \u041e\u0421 \u043e\u043d\u0438 \u043d\u0435 \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0435\u043b\u044c\u0437\u044f \u0441\u043a\u0430\u0437\u0430\u0442\u044c \u043e\u0434\u043d\u043e\u0437\u043d\u0430\u0447\u043d\u043e \u0431\u044b\u043b\u0438 \u0438\u043b\u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0434\u043b\u044f Linux. \n\n\u0412\u0441\u0435\u0433\u043e ProjectZero \u043d\u0430\u0448\u043b\u0438 \u0441\u0435\u043c\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u041f\u0440\u0438 \u0447\u0435\u043c \u043d\u0435 \u0444\u0430\u043a\u0442, \u0447\u0442\u043e \u044d\u0442\u043e \u0432\u0441\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438. \u0412 \u043e\u0434\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \"\u043d\u0430\u043b\u0435\u0442\u0443\" \u043c\u0435\u043d\u044f\u0442\u044c \u043e\u0434\u0438\u043d \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u0434\u0440\u0443\u0433\u0438\u043c (CVE-2020-15999 \u043d\u0430 CVE-2020-16009), \u043a\u043e\u0433\u0434\u0430 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c \u041f\u041e.\n\n\u041d\u0438\u043a\u0430\u043a\u0438\u0445 \u043d\u043e\u0432\u044b\u0445 \u0434\u043e\u0433\u0430\u0434\u043e\u043a \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0442\u043e\u0433\u043e, \u043a\u0442\u043e \u0441\u0442\u043e\u0438\u0442 \u0437\u0430 \u043a\u0438\u0431\u0435\u0440\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438, \u043d\u0435 \u043f\u043e\u044f\u0432\u0438\u043b\u043e\u0441\u044c. \u0415\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u0447\u0442\u043e \u0441\u043a\u0430\u0437\u0430\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u044d\u0442\u043e \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0438\u043b\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0437\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0441\u0442\u043e\u044f\u043b\u0438 \u0440\u0430\u0437\u043d\u044b\u0435 \u0430\u043a\u0442\u043e\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u0442\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0441\u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043e.\n\n\u041a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0446\u0435\u043b\u0435\u0439 Google Project Zero \u043f\u043e \u043a\u0430\u043a\u0438\u043c-\u0442\u043e \u043f\u0440\u0438\u0447\u0438\u043d\u0430\u043c \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442. \u0418 \u044d\u0442\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u0438\u0431\u0430\u0432\u043b\u044f\u0435\u0442 \u0437\u0430\u0433\u0430\u0434\u043e\u043a \u0432\u0441\u0435\u043c\u0443 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u043c\u0443.\n\n\u041f\u043b\u044e\u0441 \u043e\u0434\u0438\u043d\u0430\u0434\u0446\u0430\u0442\u044c 0-day \u043c\u0435\u043d\u044c\u0448\u0435 \u0447\u0435\u043c \u0437\u0430 \u0433\u043e\u0434. \u0420\u0435\u043f\u0442\u0438\u043b\u043e\u0438\u0434\u044b?", "creation_timestamp": "2021-03-19T09:13:43.000000Z"}, {"uuid": "552c5d8a-afe6-48db-b07b-fa533cbcfb3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2943", "content": "In-the-Wild Series: October 2020 0-day discovery for Android, Windows, iOS devices\nhttps://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html\nPoCs:\nCVE-2020-15999\u00a0- Chrome Freetype heap buffer overflow\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2103\nCVE-2020-17087\u00a0- Windows heap buffer overflow in cng.sys\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2104\nCVE-2020-16009\u00a0- Chrome type confusion in V8\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2106\nCVE-2020-16010/16011\u00a0- Chrome heap buffer overflow\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2112\nCVE-2020-27930\u00a0- Safari arbitrary stack read/write\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2105\nCVE-2020-27950\u00a0- iOS XNU kernel memory disclosure\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2108\nCVE-2020-27932\u00a0- iOS kernel type confusion\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2107", "creation_timestamp": "2022-06-03T18:52:35.000000Z"}, {"uuid": "35a21921-fec1-4251-996a-6d11598ce8ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16009", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2034", "content": "CVE-2020-16009: \n0day - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to exploit heap corruption\nhttps://chromium.googlesource.com/v8/v8.git/+/3ba21a17ce2f26b015cc29adc473812247472776%5E%21/#F3", "creation_timestamp": "2020-11-03T22:15:14.000000Z"}, {"uuid": "d8230755-77d1-4f8d-9f1a-3d69a16d0623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16001", "type": "seen", "source": "https://t.me/cibsecurity/15795", "content": "\u203c CVE-2020-16001 \u203c\n\nUse after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-03T07:39:56.000000Z"}, {"uuid": "36cc7d83-8a9c-4e1f-ab9f-335f10c4c94c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16007", "type": "seen", "source": "https://t.me/cibsecurity/15797", "content": "\u203c CVE-2020-16007 \u203c\n\nInsufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-03T07:45:58.000000Z"}]}