Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A Pakistani lawyer was targeted via WhatsApp with a zero-click Predator spyware link, leveraging 14 undisclosed vulnerabilities. The attack used Google Chrome and Safari exploits to install surveillance software on Android and iOS devices.

Why This Matters

The technical reality of modern cyberattacks contrasts sharply with idealized security models. While systems are designed to defend against known threats, zero-day exploits like those in CVE-2025-48543 and CVE-2023-41993 bypass defenses entirely. The scale of damage is vast: Intellexa’s tools have been linked to surveillance in over a dozen countries, with costs measured in compromised civil liberties and data breaches.

Key Insights

• “14 zero-day exploits used in Predator attacks, 2021–2025”: Google Threat Intelligence Group (GTIG)
• “JSKit framework enables iOS code execution via WebKit JIT RCE”: CVE-2023-41993
• “Aladdin vector exploits mobile ads for zero-click infections”: Linked to Pulse Advertise and MorningStar TEC

Practical Applications

• Use Case: Government agencies use Predator for targeted surveillance via compromised mobile operators (Mars/Jupiter vectors).
• Pitfall: Relying on unpatched browser vulnerabilities exposes devices to zero-click exploits, as seen in Saudi Arabia’s 2025 CVE-2025-6554 breach.

References:

• https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html