In-the-Wild Series: Android Post-Exploitation

This is part 5 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Maddie Stone, Project Zero A deep-dive into the implant used by a high-tier attacker against Android...

In-the-Wild Series: Android Exploits

This is part 4 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Mark Brand, Project Zero A survey of the exploitation techniques used by a high-tier attacker against...

CVE-2020-17008 splWOW64 Elevation of Privilege Patch Bypass

This CVE is the result of a patch bypass for CVE-2020-0986, reported to Microsoft by Kaspersky in December 2019 and patched in June 2020. Google Project Zero researcher Maddie Stone notified Microsoft on September 24, 2020 that the fix for Kaspersky’s reported vulnerability was incomplete...

Windows Zero-Day Still Circulating After Faulty Fix

A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a “fix” from Microsoft failed to adequately patch it. The local privilege-escalation bug in Windows 8.1 and Windows 10 CVE-2020-0986 exists in the Print Spooler API. It could allow a local attack...

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it with...

An iOS hacker tries Android

Written by Brandon Azad, when working at Project Zero One of the amazing aspects of working at Project Zero is having the flexibility to direct my own research agenda. My prior work has almost exclusively focused on iOS exploitation, but back in August, I thought it could be interesting to try...

iPhone Bug Allowed for Complete Device Takeover Over the Air

Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within...

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos,...

An iOS zero-click radio proximity exploit odyssey

Posted by Ian Beer, Project Zero NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020. In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot...

Fuzzilli - A JavaScript Engine Fuzzer

A coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language "FuzzIL" which can be mutated and translated to JavaScript. Usage The basic steps to use this fuzzer are: 1. Download the source code for one of the supported JavaScript engines. See the Targets/...

Facebook Messenger Bug Allows Spying on Android Users

Facebook has patched a significant flaw in the Android version of Facebook Messenger that could have allowed attackers to spy on users and potentially identify their surroundings without them knowing. Natalie Silvanovich, a security researcher at Google Project Zero, discovered the vulnerability,...

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call. The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google's...

Oops, I missed it again!

Written by Brandon Azad, when working at Project Zero This is a quick anecdotal post describing one of the more frustrating aspects of vulnerability research: realizing that you missed a bug that was staring you in the face only once you see the patched version! Some suspicious code After writing...

Microsoft Releases Windows Security Updates For Critical Flaws

Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google's security team last week. The rollout addresses flaws, 17 of which are rated as Critical, 93 are rated...

Microsoft Releases Windows Security Updates For Critical Flaws

Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google's security team last week. The rollout addresses flaws, 17 of which are rated as Critical, 93 are rated...

CVE-2020-17087 Windows Kernel local privilege escalation 0day

Windows Kernel Local Elevation of Privilege Vulnerability Recent assessments: zeroSteiner at October 30, 2020 9:13pm UTC reported: An error exists within cng!CfgAdtpFormatPropertyBlock where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a...

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS and iPadOS that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zer...

Apple Patches Bugs Tied to Previously Identified Zero-Days

Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple this week released iOS 14.2 and iPadOS...

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing...

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing...