Items tagged with Project Zero

by Zak Killian - Fri, Dec 17, 2021

NSO Zero-Click Malware Pwns Your iPhone With A Virtual CPU Encoded In Y2K Image Tech

If you're a technology enthusiast, you've probably heard of "one-click" malware. This is pretty scary stuff in its own right: one click of a carefully-crafted link in an e-mail or other text message, and you're infected. One-click malware has been around a long time, but there's something even worse these days. It's... Read more...

by Paul Lilly - Sat, Apr 17, 2021

Google Project Zero Disclosure Policy Change Could Drive Better Zero-Day Security Patches

Companies like Microsoft and others are potentially getting more time to fix zero-day vulnerabilities before Google's Project Zero team discloses them to the public, as part of a new policy change for 2021. At the same time, end users can potentially expect zero-day security patches to arrive quicker and be more... Read more...

by Paul Lilly - Thu, Dec 24, 2020

Google Project Zero Discloses Privilege Escalation Flaw In Windows After Incomplete Patch

The bug hunters that comprise Google's Project Zero team are getting a little fed up with companies that issue incomplete or otherwise incorrect patches for zero-day vulnerabilities they discover. Going into 2021, the team plans to reevaluate how it handles these kinds of situations, with a recent privilege escalation... Read more...

by Paul Lilly - Tue, Dec 15, 2020

Google Project Zero Outs Qualcomm Adreno GPU Driver Exploit Affecting Millions Of Android Devices

It seems Qualcomm is having a devil of a time fixing a security flaw related to its Adreno GPU driver code. It was brought to Qualcomm's attention by Google's Project Zero team, which sniffs out vulnerabilities and compels companies to fast-track security fixes by going public with the details after 90 days have... Read more...

by Nathan Ord - Sat, Oct 31, 2020

Google Project Zero Discloses Nasty Windows 0-Day Security Exploit Already In The Wild

Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being... Read more...

by Paul Lilly - Wed, Aug 12, 2020

Google Rats Out Microsoft For Incomplete Windows 10 Privilege Escalation Exploit Patch

After being alerted to a "medium" security flaw in Windows 10 by Google's Project Zero team, Microsoft took a swing and a miss at fixing it through yesterday's cumulative Patch Tuesday roll out. As per Project Zero's policy, the vulnerability has now been disclosed to the public, as Microsoft failed to address it... Read more...

by Paul Lilly - Wed, Jan 08, 2020

Google Modifies 90-Day Project Zero Disclosure Policy After Developer Backlash

Through its Project Zero division, Google has tasked itself with motivating technology companies to push out timely patches for zero day vulnerabilities. It does this by giving companies 90 days to patch a security flaw before going public with the details. There are differing opinions on whether this is the right... Read more...

by Paul Lilly - Fri, Oct 04, 2019

New 0-Day Android Security Exploit Allows Full Control Over Pixel And Galaxy Phones

A dangerous zero-day vulnerability affecting at least a dozen different Android phone models is being actively exploited in the wild, according to Google's Project Zero team. Attackers who leverage the security flaw are able to gain full control of an affected Android phone. As of right now, no patch for the... Read more...

by Brandon Hill - Fri, Sep 06, 2019

Apple Barks Back In Official Statement After Google Bites Into iOS Security

A week ago, Google disclosed findings from its Project Zero Threat Analysis Group, which discovered 14 vulnerability in iOS that were used across five exploit chains. According to Google, the exploits were used over a period of more than two years in a "sustained effort to hack the users of iPhones" by monitoring... Read more...

by Paul Lilly - Fri, Aug 30, 2019

Google Uncovers Major iPhone Security Flaw That Left Users Vulnerable For Years

A member of Google's Project Zero security team has written a lengthy blog post detailing a series of iOS exploit chains discovered in the wild. According to Project Zero's findings, a hacking group underwent a "sustained effort to hack the users of iPhones" for a period of at least two years. This was accomplished... Read more...

by Paul Lilly - Thu, Jun 13, 2019

Google Rings Alarm On Windows 10 Zero-Day Exploit After Microsoft Misses Patch Deadline

When it comes to disclosing vulnerabilities, the Project Zero team at Google generally sticks to a hard-and-fast deadline, giving companies 90 days to issue a patch before going public with its findings. There are some rare exceptions, but for the most part, Project Zero sticks to that time frame. As such, Project... Read more...

by Paul Lilly - Mon, Mar 04, 2019

Google Project Zero Exposes Severe macOS XNU Kernel Flaw After Apple Inaction

Through its Project Zero team, Google has appointed itself a vanguard of software security and accountability. As such, every so often Project Zero publicizes a security flaw that has gone unpatched for at least 90 days, sometimes at the contentious objection of the company it affects. This time it is Apple and its... Read more...

by Brandon Hill - Sat, May 05, 2018

Intel CPUs Reportedly Vulnerable To New Spectre-Style Critical Security Chip Flaws

Just when news of Spectre and Meltdown has seemingly died down, we're now hearing of a fresh round of exploits that might affect Intel processors. A total of 8 new vulnerabilities have been discovered and are being dubbed Spectre Next Generation, or Spectre-NG for short. Each of the eight vulnerabilities have been... Read more...

by Paul Lilly - Fri, Apr 20, 2018

Google Project Zero Discloses Windows 10 S Bug After Denying Microsoft's Extension Request

Google's Project Zero team has discovered a 'medium' security vulnerability that primarily affects Windows 10 S, a stripped down version of Windows 10 that is "streamlined for security and superior performance." While it does not appear to present a major threat to users—remote code execution is not possible in this... Read more...

by Paul Lilly - Tue, Feb 27, 2018

uTorrent Exploit Allows Hackers To Remotely Control Your PC

Google's Project Zero has been busy uncovering vulnerabilities in a wide range of products and services, most notably rooting out CPU flaws that became known as Spectre and Meltdown. While mitigations are still ongoing, Project Zero continues to look for security issues across the board. The latest one that Project Zero found is a remote code Read more...

by Paul Lilly - Mon, Feb 19, 2018

Google Project Zero Team Exposes Microsoft Edge Browser Exploit After Redmond Misses Deadline

Google's Project Zero team has publicly disclosed a security vulnerability in Microsoft's Edge browser for Windows 10 after Microsoft failed to issue a patch in the allotted time. The Project Zero team alerted Microsoft of a bug relating to the browser's Arbitrary Code Guard (ACG) back in November of last year. As is... Read more...

by Brandon Hill - Thu, Jan 04, 2018

Dangerous Meltdown And Spectre Security Flaws Exposed Affecting All Intel, AMD And ARM Processors

If you've been following the tech or security news for the past few days, then you no doubt know of a security vulnerability that reportedly affects all Intel processors. OS vendors have been working to mitigate the issue with kernel patches, but those software Band-Aids can come with some performance handicaps as a... Read more...

by Brandon Hill - Fri, Dec 08, 2017

Google Has Its Finger On The Trigger Of An iOS 11 Exploit That May Jailbreak iPhones

Way back in the day -- dating back to just after the release of the first iPhone -- hackers chipped away at the security defenses in iOS to give users functionality that was lacking in the default software. This practice is known as jailbreaking, and it is something that Apple unsurprisingly frowns upon since it... Read more...

by Paul Lilly - Thu, Apr 06, 2017

Google And Apple Patch Serious Android And iOS Broadcom Wi-Fi Bug That Allowed Remote Execution Hack

Practically everyone who owns a smartphone should be on the lookout for a patch. Both Google and Apple this week released software updates for Android and iOS, respectively, to address a vulnerability discovered in Wi-Fi chipsets developed by Broadcom. If left unpatched, an attacker within range of the same Wi-Fi... Read more...

by Paul Lilly - Wed, Jun 29, 2016

Google Project Zero Claims Symantec And Norton Software Security Exploits Are “As Bad As They Get’

Security researchers on Google's Project Zero team have discovered critical security flaws in several of Symantec's software security products, including its popular Norton line for consumers and Endpoint Protection for enterprises. No small thing, among the vulnerabilities are several wormable remote code execution... Read more...

by Paul Lilly - Tue, Nov 03, 2015

Google Hackers Expose 11 Major Security Flaws In Samsung Galaxy S6 Edge

Going on a bug hunt might not sound like the most exciting thing in the world, but for Project Zero, the name for a team of security analysts tasked by Google with finding zero-day exploits, a good old fashioned bug hunt is both exhilarating and productive. As a result of Project Zero's efforts to root out bugs in... Read more...

by Brandon Hill - Fri, Feb 13, 2015

Google Stops Playing Hardball With Exploit Disclosures, Offers 14-Day Grace Period For Patches

Google has been hitting tech companies with a few right hooks in recent months with regards to zero day exploits. As a part of Google’s “Project Zero” program, its security researchers discover security vulnerabilities in software products, and report its findings to the vendor. The vendor has 90 days from the time of... Read more...