The vulnerability, along with the code that exploits it in the wild, was found by an independent security researcher who alerted the Tor Project developers on the organization's mailing list. The exploit code seems to work only on Windows and can directly call kernel32.dll, a core part of Windows.
It also seems to share most of its code with a 2013 exploit used by the FBI against the Tor browser. Therefore, it was either the FBI using it again, or someone who repurposed the code for their own malicious objectives. However, it's typically governments that try to actively exploit the Tor browser, so the chances that it was a random individual hacker are rather slim.
The Tor Project was alerted with the following message, followed by the exploit code: