by sterlind 2559 days ago
Sounds extremely targeted, if an attacker is porting the attack to Macs (presumably a lot of work), and combining it with other loaders... I wonder how long this 0-day was in the wild.

Your friend should probably be browsing as a non-admin in a continuously-reimaged VM, separate from an air-gapped machine, if you have those kinds of attackers after you. Spooky..

5 comments

> if an attacker is porting the attack to Macs (presumably a lot of work)

It's worth noting that a professional security and pentest company I know of had a Python-based exploit authoring DSL that automatically generated exploit code across a very wide range of processor architectures and OSes. This was about fifteen years ago.

> It's worth noting that a professional security and pentest company I know of had a Python-based exploit authoring DSL that automatically generated exploit code across a very wide range of processor architectures and OSes.

Makes sense. If entire OSes can be written in an intermediate representation, then exploits can be as well.

You mean Core Impact? =).
dingdingdingdingding!
Just speculation, but "targeting" in this case may be as trivial as checking the user agent header, or other "device recognition" tricks common in web development nowadays. I am sure there are hundreds of libraries that do this for you...
What about that makes it sound targeted? Seems like standard vulnerabilities chained together, nothing specific to the "target"
Just jail outside-facing processes like Firefox. (BSD Jails, Firejail in Linux and probably another solution on Mac)
> presumably a lot of work

How come?