Magnitude Exploit Equipment (EK) has been upgraded to focus on Chromium-based browsers operating on Home windows techniques. Up to now, Magnitude EK was recognized to focus on solely Web Explorer.
What has occurred?
- Apparently, the builders of Magnitude EK added help for 2 new exploits. The primary one targets Google Chrome whereas the opposite one targets Microsoft’s Home windows.
- The exploited Google Chrome vulnerability is tracked as CVE-2021-21224 and the Home windows flaw is tracked as CVE-2021-31956.
- The lately noticed assaults are focusing on solely Home windows builds 18362, 18363, 19041, and 19042 (19H1–20H2). Nonetheless, the assaults don’t appear to contain any use of a malicious payload.
In regards to the exploited vulnerabilities
- CVE-2021-21224: It’s a type-confusion bug within the V8 rendering engine that permits RCE. The bug has been exploited in assaults on a couple of events, nonetheless, Google has already fixed the flaw.
- CVE-2021-31956: It’s an elevation of privilege vulnerability that permits attackers to keep away from Chrome’s sandbox and procure system privileges. This flaw was patched by Microsoft in June.
Beforehand, these two vulnerabilities have been utilized in a malicious exercise named PuzzleMaker, which has not but been related to any recognized risk group.
At current, Magnitude EK doesn’t use any malicious payload and it would change within the coming occasions. Consultants conjecture that quickly there could possibly be an assault adopted by extra malware being dropped on compromised techniques. Subsequently, it is strongly recommended to make sure that the system and software program used are up-to-date.