Project Zero – Page 4 – WindowsTechs.com

That ‘iPhone Wi-Fi bug’ isn’t just for Apple users – here’s a rundown

Posted on April 7, 2017 by Paul Ducklin

A bug in Broadcom Wi-Fi firmware that has been patched on recent iPhones and some Google devices could affect many other devices too. Continue reading That ‘iPhone Wi-Fi bug’ isn’t just for Apple users – here’s a rundown→

Researcher finds vulnerability in popular microchips used in Android and iPhones

Posted on April 6, 2017 by Chris Bing

Security researchers have found a crucial vulnerability in a popular chipset used in smartphones that allows for an attacker to launch a remote, Wi-Fi delivered virus to a targeted device. Newer versions of Apple’s iPhone and many of Samsung’s flagship Android phones carry an affected Broadcom manufactured chipset. While Apple patched the vulnerability on Monday with the release of iOS 10.3.1, a variety of different Android devices remain susceptible to the proof-of-concept attack. An Apple security advisory concerning the vulnerability notes, “an attacker within range may be able to execute arbitrary code on the Wi-Fi chip.” iOS 10.3.1 fixes the issue by patching a “stack buffer overflow” problem, the advisory reads. The proof-of-concept exploit was developed by Google Project Zero researcher Gal Beniamini. Google plans to release its own patch in its April security bulletin, but the update will only be available to a “select number of device models,” according to […]

The post Researcher finds vulnerability in popular microchips used in Android and iPhones appeared first on Cyberscoop.

Continue reading Researcher finds vulnerability in popular microchips used in Android and iPhones→

LastPass Leaking Passwords Via Chrome Extension

Posted on March 22, 2017 by Darknet

LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]

The post LastPass Leaking…

Read the full post at darknet.org.uk

Continue reading LastPass Leaking Passwords Via Chrome Extension→

Google publishes remote code vulnerability in Microsoft browsers

Posted on February 27, 2017 by Shaun Waterman

Google’s Project Zero published an unpatched and very severe vulnerability in the Microsoft Edge and Internet Explorer version 11 browsers Monday, after a 90-day deadline expired without a fix from Microsoft’s engineers. The publication, which means hackers will be able to write exploits for the affected software, appears to be the latest result of Microsoft’s shocking and still mysterious decision […]

The post Google publishes remote code vulnerability in Microsoft browsers appeared first on Cyberscoop.

Continue reading Google publishes remote code vulnerability in Microsoft browsers→

Google reports “high-severity” bug in Edge/IE, no patch available

Posted on February 27, 2017 by Dan Goodin

String of unpatched security flaws comes after February Patch Tuesday was canceled. Continue reading Google reports “high-severity” bug in Edge/IE, no patch available→

Cloudflare has been massively leaky for months

Posted on February 24, 2017 by Patrick O'Neill

The private messages you sent on OKCupid last month or the data collected by your FitBit could be floating around the internet right now. Add to that a load of passwords and private data on some of the web’s most popular sites. Big businesses like Uber, 1Password, OKCupid and FitBit use Cloudflare, a massive content […]

The post Cloudflare has been massively leaky for months appeared first on Cyberscoop.

Continue reading Cloudflare has been massively leaky for months→

Project Zero Finds A Graphic Zero Day

Posted on February 20, 2017 by Michael Uttmark

After finding the infamous Heartbleed vulnerability along with a variety of other zero days, Google decided to form a full-time team dedicated to finding similar vulnerabilities. That team, dubbed Project Zero, just released a new vulnerability, and this one’s particularly graphic, consisting of a group of flaws in the Windows Nvidia Driver.

Most of the vulnerabilities found were due to poor programming techniques. From writing to user provided pointers blindly, to incorrect bounds checking, most vulnerabilities were due to simple mistakes that were quickly fixed by Nvidia. As the author put it, Nvidia’s “drivers contained a lot of code which …read more

Continue reading Project Zero Finds A Graphic Zero Day→

Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass

Posted on November 30, 2016 by Chris Brook

Microsoft appears to have silently fixed a two-year-old bug in in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser. Continue reading Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass→

Threatpost News Wrap, September 16, 2016

Posted on September 16, 2016 by Chris Brook

The news of the week is discussed, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize. Continue reading Threatpost News Wrap, September 16, 2016→

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Posted on September 14, 2016 by Michael Mimoso

Google Project Zero announced a six-month Android bug bounty program that requires researchers to file bugs as they find them, rather than hoard the whole chain. Continue reading Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains→