0-days exploited by commercial surveillance vendor in Egypt

Google TAG and The Citizen Lab discovered an in-the-wild zero-day exploit chain developed by Intellexa to install Predator spyware on iOS and Android devices; delivery used MITM HTTP injection (and one-time links for Android), the iOS chain relied on three CVEs (CVE-2023-41991/41992/41993) patched by Apple and the Android chain used a Chrome RCE (CVE-2023-4762), and the report urges users to apply patches and enable HTTPS-First protections.