Items tagged with Project Zero

If you're a technology enthusiast, you've probably heard of "one-click" malware. This is pretty scary stuff in its own right: one click of a carefully-crafted link in an e-mail or other text message, and you're infected. One-click malware has been around a long time, but there's something even worse these days. It's... Read more...
Companies like Microsoft and others are potentially getting more time to fix zero-day vulnerabilities before Google's Project Zero team discloses them to the public, as part of a new policy change for 2021. At the same time, end users can potentially expect zero-day security patches to arrive quicker and be more... Read more...
The bug hunters that comprise Google's Project Zero team are getting a little fed up with companies that issue incomplete or otherwise incorrect patches for zero-day vulnerabilities they discover. Going into 2021, the team plans to reevaluate how it handles these kinds of situations, with a recent privilege escalation... Read more...
It seems Qualcomm is having a devil of a time fixing a security flaw related to its Adreno GPU driver code. It was brought to Qualcomm's attention by Google's Project Zero team, which sniffs out vulnerabilities and compels companies to fast-track security fixes by going public with the details after 90 days have... Read more...
Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being... Read more...
After being alerted to a "medium" security flaw in Windows 10 by Google's Project Zero team, Microsoft took a swing and a miss at fixing it through yesterday's cumulative Patch Tuesday roll out. As per Project Zero's policy, the vulnerability has now been disclosed to the public, as Microsoft failed to address it... Read more...
Through its Project Zero division, Google has tasked itself with motivating technology companies to push out timely patches for zero day vulnerabilities. It does this by giving companies 90 days to patch a security flaw before going public with the details. There are differing opinions on whether this is the right... Read more...
A dangerous zero-day vulnerability affecting at least a dozen different Android phone models is being actively exploited in the wild, according to Google's Project Zero team. Attackers who leverage the security flaw are able to gain full control of an affected Android phone. As of right now, no patch for the... Read more...
A week ago, Google disclosed findings from its Project Zero Threat Analysis Group, which discovered 14 vulnerability in iOS that were used across five exploit chains. According to Google, the exploits were used over a period of more than two years in a "sustained effort to hack the users of iPhones" by monitoring... Read more...
A member of Google's Project Zero security team has written a lengthy blog post detailing a series of iOS exploit chains discovered in the wild. According to Project Zero's findings, a hacking group underwent a "sustained effort to hack the users of iPhones" for a period of at least two years. This was accomplished... Read more...
When it comes to disclosing vulnerabilities, the Project Zero team at Google generally sticks to a hard-and-fast deadline, giving companies 90 days to issue a patch before going public with its findings. There are some rare exceptions, but for the most part, Project Zero sticks to that time frame. As such, Project... Read more...
Through its Project Zero team, Google has appointed itself a vanguard of software security and accountability. As such, every so often Project Zero publicizes a security flaw that has gone unpatched for at least 90 days, sometimes at the contentious objection of the company it affects. This time it is Apple and its... Read more...
Just when news of Spectre and Meltdown has seemingly died down, we're now hearing of a fresh round of exploits that might affect Intel processors. A total of 8 new vulnerabilities have been discovered and are being dubbed Spectre Next Generation, or Spectre-NG for short. Each of the eight vulnerabilities have been... Read more...
Google's Project Zero team has discovered a 'medium' security vulnerability that primarily affects Windows 10 S, a stripped down version of Windows 10 that is "streamlined for security and superior performance." While it does not appear to present a major threat to users—remote code execution is not possible in this... Read more...
Google's Project Zero has been busy uncovering vulnerabilities in a wide range of products and services, most notably rooting out CPU flaws that became known as Spectre and Meltdown. While mitigations are still ongoing, Project Zero continues to look for security issues across the board. The latest one that Project Zero found is a remote code Read more...
Google's Project Zero team has publicly disclosed a security vulnerability in Microsoft's Edge browser for Windows 10 after Microsoft failed to issue a patch in the allotted time. The Project Zero team alerted Microsoft of a bug relating to the browser's Arbitrary Code Guard (ACG) back in November of last year. As is... Read more...
If you've been following the tech or security news for the past few days, then you no doubt know of a security vulnerability that reportedly affects all Intel processors. OS vendors have been working to mitigate the issue with kernel patches, but those software Band-Aids can come with some performance handicaps as a... Read more...
Way back in the day -- dating back to just after the release of the first iPhone -- hackers chipped away at the security defenses in iOS to give users functionality that was lacking in the default software. This practice is known as jailbreaking, and it is something that Apple unsurprisingly frowns upon since it... Read more...
Practically everyone who owns a smartphone should be on the lookout for a patch. Both Google and Apple this week released software updates for Android and iOS, respectively, to address a vulnerability discovered in Wi-Fi chipsets developed by Broadcom. If left unpatched, an attacker within range of the same Wi-Fi... Read more...
Security researchers on Google's Project Zero team have discovered critical security flaws in several of Symantec's software security products, including its popular Norton line for consumers and Endpoint Protection for enterprises. No small thing, among the vulnerabilities are several wormable remote code execution... Read more...
Going on a bug hunt might not sound like the most exciting thing in the world, but for Project Zero, the name for a team of security analysts tasked by Google with finding zero-day exploits, a good old fashioned bug hunt is both exhilarating and productive. As a result of Project Zero's efforts to root out bugs in... Read more...
Google has been hitting tech companies with a few right hooks in recent months with regards to zero day exploits. As a part of Google’s “Project Zero” program, its security researchers discover security vulnerabilities in software products, and report its findings to the vendor. The vendor has 90 days from the time of... Read more...
1 2 Next