Apple releases patches for 3 iOS zero days that hackers used for targeted attacks

Apple has issued fixes for three critical bugs in its software for iPhones, iPads and iPods that could allow an attacker to burrow into the inner sanctum of a device’s operating system and steal data. The researchers who found the flaws said that attackers were actively exploiting them. Two of the bugs affect the kernel, the core of the device’s operating system which handles interactions between hardware and software. Apple users are protected if they update their software, which the company encouraged them to do on Thursday. Project Zero, Google’s team of security researchers that found the vulnerabilities, said hackers exploited the flaws in targeted attacks, but did not disclose the victims or perpetrators. Shane Huntley, of Google’s Threat Analysis Group, said the activity was not related to the U.S. election. Vulnerabilities in iPhone software are coveted by spies and criminals alike because of the popularity of the phones around the world, and the resources […]

The post Apple releases patches for 3 iOS zero days that hackers used for targeted attacks appeared first on CyberScoop.

Two Chrome Browser Updates Plugs Holes Actively Targeted by Exploits

Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.

Google ‘Irresponsibly’ Discloses Windows Zero-Day

Google discovered a “threat actor” exploiting a pair of bugs—one in Chrome and one in Windows.
The post Google ‘Irresponsibly’ Discloses Windows Zero-Day appeared first on Security Boulevard.

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

Google Project Zero disclosed the bug before a patch becomes available from Microsoft.

News Wrap: Twitter Hack, Apple Under Fire and Global Privacy Finger Wags

Threatpost editors talk about the biggest security news stories for the week ended Jul. 24.

Google researcher beefs up iMessage security by demonstrating clickless exploit

Software exploits that don’t require a victim to click a link to be compromised are an intriguing and growing area of research for white-hat hackers. So it is no surprise that Google’s elite team of hackers, Project Zero, has dug into this stealthy mode of attack in recent months. On Thursday, Samuel Gross laid out how, armed with only a target’s Apple ID, he could remotely compromise an iPhone within minutes to steal passwords, text messages and emails, and activate the camera and microphone. The attack, which exploited an iOS 12.4 vulnerability for which Apple issued a patch last August, shows how “small design decisions can have significant security consequences,” Gross wrote in a blog post. Gross poked holes in some conventional wisdom around security features used in the iPhone operating system. A data-randomizing security feature known as ASLR meant to guard against exploits “is not as strong in practice,” he […]

The post Google researcher beefs up iMessage security by demonstrating clickless exploit appeared first on CyberScoop.

Binaries and Brews: Jailbreak Security Summit convenes hackers on NSA’s doorstep

Of the countless security conferences held across the globe, only one combines craft beer and malware analysis in the National Security Agency’s backyard. Every year, federal contractors and analysts at Beltway cybersecurity companies gather for a day at Jailbreak Brewery’s Laurel, Maryland, headquarters to trade specialized knowledge in digital forensics. “The training is really good; the beers are even better,” said a Department of Justice employee sipping a Lemon Meringue Berliner Weisse. The DOJ employee, who declined to speak on the record, has been coming since the summit’s inception in 2015. “I learn something new every year,” he said, before descending from the bar and taking a seat in front of the presentation stage. That is the comfort zone that Kasey Turner, a former NSA employee, sought to create when he opened the brewery in 2014 with cybersecurity contractor-turned-entrepreneur Justin Bonner. “We wanted this to be everybody’s own jailbreak,” Turner told CyberScoop. […]

The post Binaries and Brews: Jailbreak Security Summit convenes hackers on NSA’s doorstep appeared first on CyberScoop.
