Malware News Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers

[Solarquest]

Content source

https://www.bleepingcomputer.com/news/security/shadowy-hackers-accidentally-reveal-two-zero-days-to-security-researchers/

An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they've uploaded a weaponized PDF file to a public malware scanning engine.
The zero-days where spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within two months.

Zero-days caught while still under development
...

Cherepanov spotted two suspicious PDF samples [1, 2] at the end of March. Both zero-days are now patched. Microsoft patched CVE-2018-8120 last week, in the May 2018 Patch Tuesday, and Adobe patched CVE-2018-4990 yesterday in APSB18-09.



VirusTotal

VirusTotal

 

[RoboMan]

 

[yitworths]

they must have to be some undercover white hat hackers

 

[yitworths]

Adobe and Microsoft, which in turn, had them patched within two months.

So two months is d standard... Or am I missing something?

 

[oleg sidorenko]

they must have to be some undercover white hat hackers

Not really, sometimes they submit samples of their own exploits to see if VT will catch it or not

 

[yitworths]

Not really, sometimes they submit samples of their own exploits to see if VT will catch it or not

That was a joke mate. Next time I will include d pun intended disclaimer.