430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. The Vx-undergroud researchers shared some images of several confidential documents that appear to be […]

exploit surveillance firm 2

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million.

Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies.

The Vx-undergroud researchers shared some images of several confidential documents that appear to be the commercial offer of Intellect.

Leaked documents details the purchase of an iOS Remote Code Execution zero-day exploit for $8,000,000.

The leaked documentation demonstrates that the company offers services for remote data extraction from Android and iOS devices. The offer includes remote, one-click browser-based exploits that allow threat actors to compromise both Android and iOS mobile devices. Threat actors could use these exploits by tricking targets into clicking on a link.

The company offers 10 concurrent infections for iOS and Android devices, along with a “magazine of 100 successful infections”.

exploit surveillance firm 2

The exploits should work against the Android 12 update and iOS 15.4.1, this information is important because Apple released iOS 15.4.1 in March, which means that the offer is recent. At this time it is not possible to determine if the vulnerabilities in the offered exploits have been addressed by Apple.

One of the documents of the surveillance firm provides a list of Android devices that could be targeted with the one-click exploit.

exploit surveillance firm

The documents shared by Vx-undergroud demonstrate that the surveillance industry continues to grow and that the profits could be enormous.

In June, researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware.

Many other surveillance companies made the headlines in the last months, including NSO group, Candiru, and DSIRF.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, surveillance)

[adrotate banner=”5″]

[adrotate banner=”13″]