Evidence suggests, they added, that the frameworks were also used when the vulnerabilities were zero-days.
The frameworks contained “mature source code capable of deploying exploits for Chrome, Windows Defender, and Firefox” respectively.
The frameworks exploited vulnerabilities that Google, Microsoft, and Firefox fixed in 2021 and 2022.Heliconia Noise included both an exploit for the Chrome renderer, along with an exploit for escaping the Chrome security sandbox, which is designed to keep untrusted code contained in a protected environment that can’t access sensitive parts of an operating system.
The Files framework contained a fully documented exploit chain for Firefox running on Windows and Linux.TAG's research has shown the proliferation of commercial surveillance and the extent to which commercial spyware vendors have developed capabilities that were previously only available to governments with deep pockets and technical expertise.These abuses represent a serious risk to online safety which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry.