Exploit Chain

10th January 2020 | Cybrary Exploit Chain


An Exploit Chain is an attack that involves multiple exploits or attacks that are chained together to fully compromise a device. In these attacks, Hackers cannot use a single exploit to compromise their target but instead can combine a series of exploits that ultimately lead to malware getting installed on a smartphone (iOS or Android) which can lead to the loss of critical and sensitive data.  In the cases described in the video below, the websites visited by unsuspecting users contain a variety of attacks which when chained together can compromise the smart phones targeted.

How do I protect myself?

There are a few strategies you can employ to protect yourself from these chained exploits including:

  1. Patch your iOS/Android device to the latest version of vendor OS for the best chance of protection based upon Apple and Android fixing these things without publicly disclosing them to the public.
  2. Reboot your phone.  These exploit chains in their current incarnation was only valid while the device was live after visiting the malicious website.  Rebooting the device reverted to a pristine OS.

Related Terms: Attack, Exploit, Hacker

Source: Chained Exploits, Andrew Whitaker

Additional Reading:

A very Deep Dive into Exploit Chaining (Google’s Project Zero)

yCombinator Exploit Chaining Article

A Deep Dive into iPhone Exploit Chaining (a 40 min. video)

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Urgency, Emotion, Authority: How One Scammer Almost Got Inside a CPA Firm

Urgency, Emotion, Authority: How One Scammer Almost Got Inside a CPA Firm

Tax season keeps accountants busy, and it keeps scammers busy too. Early this summer, a CPA firm became the...

Read more
The Ransomware an AI Model Built Without Trying

The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...

Read more
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more