Google on Wednesday shared details of newly discovered exploit frameworks capable of deploying spyware to targeted devices. Dubbed “Heliconia,” the frameworks appear to have ties to Spanish company Variston IT, according to Google's Threat Analysis Group (TAG).
Heliconia targets n-day vulnerabilities, meaning patches are available for them. The new frameworks exploit vulnerabilities previously found in Chrome, Firefox, and Microsoft Defender. All of the vulnerabilities were fixed in 2021 and early 2022. However, Google’s research shows that these exploits were used as zero-days, in other words, before the vulnerabilities were detected.
To ensure you are protected from Heliconia and other exploits, it is important to keep all your software up to date.
Google notes that the new exploits are the latest to highlight the growth of the commercial spyware industry.
“TAG research has shown the prevalence of commercial surveillance and the extent to which commercial spyware vendors have developed capabilities previously only available to well-paid governments and newly acquired technical expertise,” Google TAG’s Clement Lecigne and Benoit Sevens wrote in a blog post. “The growth of the spyware industry puts users at risk and makes the Internet less secure, and while surveillance technologies may be legal under national or international law, they are often used in harmful ways to carry out digital espionage against a wide range of groups.”
Google learned about the Heliconia framework from an anonymous submission to its Chrome bug reporting program. The submission detailed three bug reports: “Heliconia Noise” is a web framework for deploying an exploit for a Chrome renderer bug, followed by a sandbox escape. “Heliconia Soft” is a web framework that deploys PDF files containing a Windows Defender exploit. Finally, the bug report named “File” contains a fully documented Firefox exploit chain for Windows and Linux.