Google's Project Zero has determined that at least eighteen widely used Android devices are vulnerable to exploitation of a use-after-free condition, and that this vulnerability is being exploited in the wild. Ars Technica cites Google as pointing to either Herzliya-based NSO Group or some of its customers as the actors behind the attacks. The October Android update is expected to address the issue.
Check Point has linked a domestic surveillance effort to Egyptian intelligence services. The campaign used spyware embedded in security apps made available in Google's Play Store. Victims were targeted through 0Auth phishing.
Palo Alto Networks has published an "Adversary Playbook" for PKPLUG, a recently identified Chinese state espionage actor that's concerned itself with domestic surveillance of Uyghurs and international espionage directed against countries opposed to Belt and Road. The group is behind the HenBox Android malware distributed through third-party app stores.
Cabinet members in the US, the UK, and Australia will jointly ask Facebook to hold off on plans to implement end-to-end encryption. Buzzfeed yesterday obtained a copy of a letter US Attorney General Barr, UK Home Secretary Patel, Australian Home Affairs Minister Dutton, and acting US Homeland Security Secretary McAleenan intend to publish today. The open letter, which ZDNet says will be issued in conjunction with announcement of a new data-sharing agreement among the three countries, specifically asks that the social network not make it impossible for authorities to legally access content relating to child sexual exploitation and abuse, terrorism, and foreign interference in democratic institutions.