Sounds extremely targeted, if an attacker is porting the attack to Macs (presumably a lot of work), and combining it with other loaders... I wonder how long this 0-day was in the wild.
Your friend should probably be browsing as a non-admin in a continuously-reimaged VM, separate from an air-gapped machine, if you have those kinds of attackers after you. Spooky.
if an attacker is porting the attack to Macs (presumably a lot of work)
It's worth noting that a professional security and pentest company I know of had a Python-based exploit authoring DSL that automatically generated exploit code across a very wide range of processor architectures and OSes. This was about fifteen years ago.
It's worth noting that a professional security and pentest company I know of had a Python-based exploit authoring DSL that automatically generated exploit code across a very wide range of processor architectures and OSes.
Makes sense. If entire OSes can be written in an intermediate representation, then exploits can be as well.
Just speculation, but "targeting" in this case may be as trivial as checking the user agent header, or other "device recognition" tricks common in web development nowadays. I am sure there are hundreds of libraries that do this for you...
I don't know why you are addressing me, I can't even downvote. Your "conspiracy theory" comment is certainly valid, unfortunately I'm not willing to provide more information so I suppose it will remain a "conspiracy theory" albeit one I believe is true.