Android devices infected by 5 zero day vulnerabilities


so this sort of shit is something state actors just have on hand at any time? like we found out about these, but how many other ways do they have to just fucking own your tech at a moments notice. jesus christ.

Yes. If they don’t already have 0 days on-hand and have the need for them, they will buy them

Zerodium buys these for up to $2 million and sometimes more. Makes me wonder for how much they’re selling for.

So…what the hell do I do about it?

Wait for them to be exploited and out in the wild. Then patch as fast as you can. And hope you’re using a vendor with good engineers.
Unless… You become a top-of-the-line cybersec researcher, programmer and a bit of greyhatting. Find zero-days and inform the vendors so they can patch it.

So I’m an infrastructure admin, charged with security policy among many things. We do not supply company cell phones, so we try not to be too draconian with our mobile device security policy. But its getting to the point where we have to just give up an assume risk because when companies like Sony only provide 2 years of updates, you’re going to have outdated devices out there.

It’s exhausting. At least Microsoft and Apple patch regularly

Sounds about right >.< 80% training, security culture etc 10% technical solutions (soc/siem I count in this) 5% IRT and Recovery and good IT hygiene 5% Pray to whoever that 0-day wont be abused towards you

Tbh, Microsoft has a good zero-trust thinking with their Azure version. Not sure if it fits you, but Zero trust architecture is probably the best bet we have

And use them. Governments already have a “use it or lose it” mentality when it comes to budget time… Even before spending hundreds of thousands on zero-days that risk becoming worthless the instant the vulnerability is identified.

State actors, like anyone else with the funds and know how can purchase this sort of stuff