ESET researchers have recently uncovered two previously unknown vulnerabilities in Mozilla products and Windows that are being actively exploited by a group known as RomCom. This Russia-aligned group has a history of conducting opportunistic campaigns against specific business verticals as well as engaging in targeted espionage operations.
The first vulnerability, identified as CVE-2024-9680, is a use-after-free bug that affects versions of Firefox, Thunderbird, and the Tor Browser. This vulnerability allows malicious actors to execute code within the restricted context of the browser. Mozilla was quick to address this issue, releasing a patch on October 9, 2024.
The second vulnerability, known as CVE-2024-49039, is a privilege escalation bug in Windows that enables code to run outside of Firefox’s sandbox. Microsoft released a patch for this vulnerability on November 12, 2024. Chained together, the two vulnerabilities let attackers execute arbitrary code without any interaction from the user, a tactic known as a “zero-click exploit.”
In instances observed by ESET, this exploit resulted in the installation of RomCom’s backdoor on the victim’s computer. The backdoor allows attackers to execute commands and download additional modules onto the victim’s machine, giving them even more control and access.
To gain a better understanding of how this compromise chain works and to learn more about the vulnerabilities and the exploits that are leveraging them, ESET Chief Security Evangelist Tony Anscombe provides detailed insights in a video presentation. The full blog post on the topic further elaborates on the specifics of these vulnerabilities and the potential impact they may have.
Given the severity of these vulnerabilities and the active exploitation by a sophisticated threat actor like RomCom, it is crucial for users of affected software to ensure that they have applied the necessary patches and updates to protect their systems. As cyber threats continue to evolve, staying informed and proactive in addressing security vulnerabilities is essential in safeguarding against potential attacks.
Through ongoing research and collaboration with industry experts, ESET remains dedicated to identifying and mitigating cybersecurity threats to protect users and businesses from malicious activities. Stay vigilant, stay informed, and prioritize cybersecurity measures to defend against emerging threats in the digital landscape.