Showing only posts in Google Project Zero. Show all posts.

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit

Source

By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a …

Release of a Technical Report into Intel Trust Domain Extensions

Source

Today, members of Google Project Zero and Google Cloud are releasing a report on a security review of Intel's Trust Domain Extensions (TDX). TDX is a feature introduced to support Confidential Computing by providing hardware isolation of virtual machine guests at runtime. This isolation is achieved by securing sensitive …

Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

Source

Posted by Tim Willis, Project Zero Note: Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the …

A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain

Source

Maddie Stone, Project Zero Note : The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date under settings you can check that your device is running SMR Mar-2021 or later …

Gregor Samsa: Exploiting Java's XML Signature Verification

Source

By Felix Wilhelm, Project Zero Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A custom JIT compiler processing untrusted XSLT programs, exposed to remote attackers during XML signature verification. This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler …

Source

The curious tale of a fake Carrier.app Posted by Ian Beer, Google Project Zero NOTE: This issue was CVE-2021-30983 was fixed in iOS 15.2 in December 2021. Towards the end of 2021 Google's Threat Analysis Group (TAG) shared an iPhone app with me: App splash screen showing …

page 1 | older articles »