Search results for “Googleprojectzero”, sorted by most viewed

253 matches found

Source: GoogleProjectZero | Added: 2019/08/29 12:00 a.m. | Views: 929

A very deep dive into iOS Exploit chains found in the wild

Posted by Ian Beer, Project Zero. Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere. Earlier th...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.15705 | Exploits: 3
Source: GoogleProjectZero | Added: 2021/10/20 12:00 a.m. | Views: 790

Using Kerberos for Authentication Relay Attacks

Posted by James Forshaw, Project Zero. This blog post is a summary of some research I've been doing into relaying Kerberos authentication in Windows domain environments. To keep this blog shorter I am going to assume you have a working knowledge of Windows network authentication, and specifically...

CVSS: 7.5 | AI score: 6 | EPSS: 0.66023 | Exploits: 4
Source: GoogleProjectZero | Added: 2021/01/14 12:00 a.m. | Views: 622

Hunting for Bugs in Windows Mini-Filter Drivers

Posted by James Forshaw, Project Zero. In December Microsoft fixed 4 issues in Windows in the Cloud Filter and Windows Overlay Filter (WOF) drivers (CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17139). These 4 issues were 3 local privilege escalations and a security feature bypass, and the...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.27023 | Exploits: 8
Source: GoogleProjectZero | Added: 2021/01/12 12:00 a.m. | Views: 610

In-the-Wild Series: Chrome Exploits

This is part 3 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Sergei Glazunov, Project Zero. Introduction: As we continue the series on the watering hole attack...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.78808 | Exploits: 9
Source: GoogleProjectZero | Added: 2021/04/22 12:00 a.m. | Views: 544

Designing sockfuzzer, a network syscall fuzzer for XNU

Posted by Ned Williamson, Project Zero. Introduction: When I started my 20% project (an initiative where employees are allocated twenty percent of their paid work time to pursue personal projects) with Project Zero, I wanted to see if I could apply the techniques I had learned fuzzing Chrome to...

CVSS: 9.3 | AI score: 8.3 | EPSS: 0.2201 | Exploits: 17
Source: GoogleProjectZero | Added: 2020/12/21 12:00 a.m. | Views: 498

An iOS hacker tries Android

Written by Brandon Azad, when working at Project Zero. One of the amazing aspects of working at Project Zero is having the flexibility to direct my own research agenda. My prior work has almost exclusively focused on iOS exploitation, but back in August, I thought it could be interesting to try...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.16111 | Exploits: 2
Source: GoogleProjectZero | Added: 2019/08/29 12:00 a.m. | Views: 452

In-the-wild iOS Exploit Chain 1

Posted by Ian Beer, Project Zero. TL;DR: This exploit provides evidence that these exploit chains were likely written contemporaneously with their supported iOS versions; that is, the exploit techniques which were used suggest that this exploit was written around the time of iOS 10. This suggests...

CVSS: 7.5 | AI score: 8 | EPSS: 0.11029 | Exploits: 1
Source: GoogleProjectZero | Added: 2022/06/30 12:00 a.m. | Views: 451

2022 0-day In-the-Wild Exploitation…so far

Posted by Maddie Stone, Google Project Zero. This blog post is an overview of a talk, “0-day In-the-Wild Exploitation in 2022…so far”, that I gave at the FIRST conference in June 2022. The slides are available here. For the last three years, we’ve published annual year-in-review reports of 0-days...

CVSS: 10 | AI score: 8.9 | EPSS: 0.99999 | Exploits: 236
Source: GoogleProjectZero | Added: 2022/04/19 12:00 a.m. | Views: 414

The More You Know, The More You Know You Don’t Know

A Year in Review of 0-days Used In-the-Wild in 2021. Posted by Maddie Stone, Google Project Zero. This is our third annual year in review of 0-days exploited in-the-wild (2020, 2019). Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what w...

CVSS: 10 | AI score: 9.7 | EPSS: 0.99999 | Exploits: 379
Source: GoogleProjectZero | Added: 2019/08/07 12:00 a.m. | Views: 376

The Fully Remote Attack Surface of the iPhone

Posted by Natalie Silvanovich, Project Zero. While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well as...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.17444 | Exploits: 9
Source: GoogleProjectZero | Added: 2018/12/19 12:00 a.m. | Views: 299

On VBScript

Posted by Ivan Fratric, Google Project Zero. Introduction: Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the...

CVSS: 7.6 | AI score: 7.7 | EPSS: 0.87814 | Exploits: 9
Source: GoogleProjectZero | Added: 2019/08/29 12:00 a.m. | Views: 280

JSC Exploits

Posted by Samuel Groß, Project Zero. In this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS...

CVSS: 9.3 | AI score: 8.7 | EPSS: 0.83898 | Exploits: 18
Source: GoogleProjectZero | Added: 2021/04/01 12:00 a.m. | Views: 277

Who Contains the Containers?

Posted by James Forshaw, Project Zero. This is a short blog post about a research project I conducted on Windows Server Containers that resulted in four privilege escalations which Microsoft fixed in March 2021. In the post, I describe what led to this research, my research process, and insights...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01462 | Exploits: 3
Source: GoogleProjectZero | Added: 2021/01/12 12:00 a.m. | Views: 263

In-the-Wild Series: Chrome Infinity Bug

This is part 2 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Sergei Glazunov, Project Zero. This post only covers one of the exploits, specifically a renderer...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.06432 | Exploits: 2
Source: GoogleProjectZero | Added: 2020/08/05 12:00 a.m. | Views: 255

Exploiting Android Messengers with WebRTC: Part 2

Posted by Natalie Silvanovich, Project Zero. This is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. This series highlights what can go wrong when applications don't apply WebRTC patches and when the communication and notification of security issues breaks...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.0779 | Exploits: 6
Source: GoogleProjectZero | Added: 2019/08/29 12:00 a.m. | Views: 252

In-the-wild iOS Exploit Chain 3

Posted by Ian Beer, Project Zero. TL;DR: This chain targeted iOS 11-11.4.1, spanning almost 10 months. This is the first chain we observed which had a separate sandbox escape exploit. The sandbox escape vulnerability was a severe security regression in libxpc, where refactoring led to a bounds che...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.11029 | Exploits: 1
Source: GoogleProjectZero | Added: 2021/02/03 12:00 a.m. | Views: 249

Déjà vu-lnerability

A Year in Review of 0-days Exploited In-The-Wild in 2020. Posted by Maddie Stone, Project Zero. 2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detect...

CVSS: 9.6 | AI score: 9.3 | EPSS: 0.86863 | Exploits: 27
Source: GoogleProjectZero | Added: 2020/04/02 12:00 a.m. | Views: 244

TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln

Posted by Maddie Stone, Project Zero. Introduction: I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post. On December’s...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.80968 | Exploits: 38
Source: GoogleProjectZero | Added: 2021/01/12 12:00 a.m. | Views: 242

In-the-Wild Series: Android Exploits

This is part 4 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Mark Brand, Project Zero. A survey of the exploitation techniques used by a high-tier attacker against...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.83524 | Exploits: 88
Source: GoogleProjectZero | Added: 2017/05/10 12:00 a.m. | Views: 238

Exploiting the Linux kernel via packet sockets

Guest blog post, posted by Andrey Konovalov. Introduction: Lately I’ve been spending some time fuzzing network-related Linux kernel interfaces with syzkaller. Besides the recently discovered vulnerability in DCCP sockets, I also found another one, this time in packet sockets. This post describes ho...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.17827 | Exploits: 34
Source: GoogleProjectZero | Added: 2019/08/29 12:00 a.m. | Views: 237

In-the-wild iOS Exploit Chain 2

Posted by Ian Beer, Project Zero. TL;DR: This was an exploit for a known bug class which I had been auditing for since late 2016. The same anti-pattern which led to this vulnerability, we’ll see again in Exploit Chain 3, which follows this post. This exploit chain targets iOS 10.3 through 10.3.3...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.14888 | Exploits: 8
Source: GoogleProjectZero | Added: 2020/12/01 12:00 a.m. | Views: 230

An iOS zero-click radio proximity exploit odyssey

Posted by Ian Beer, Project Zero. NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020. In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot...

CVSS: 9.4 | AI score: 8.8 | EPSS: 0.2201 | Exploits: 12
Source: GoogleProjectZero | Added: 2020/01/09 12:00 a.m. | Views: 221

Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution

Posted by Samuel Groß, Project Zero. This is the third and last post in a series about a remote, interactionless iPhone exploit over iMessage. The first blog post introduced the exploited vulnerability, and the second blog post described a way to perform a heapspray, leaking the shared cache base...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.17444 | Exploits: 9
Source: GoogleProjectZero | Added: 2021/12/15 12:00 a.m. | Views: 218

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Posted by Ian Beer & Samuel Groß of Google Project Zero. We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. The editorial opinions reflected below ar...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.75994 | Exploits: 2
Source: GoogleProjectZero | Added: 2022/04/07 12:00 a.m. | Views: 215

CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability

Posted by Ian Beer, Google Project Zero. This blog post is my analysis of a vulnerability found by @xerub. Phrack published @xerub's writeup so go check that out first. As well as doing my own vulnerability research I also spend time trying as best as I can to keep up with the public...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.04192 | Exploits: 1
Source: GoogleProjectZero | Added: 2020/07/29 12:00 a.m. | Views: 215

Root Cause Analyses for 0-day In-the-Wild Exploits

Posted by Maddie Stone, Project Zero. When a 0-day is exploited in the wild AND it is detected, we need to use that as an opportunity to learn as much as possible about the vulnerability and the exploit if we hope to make 0-day hard. One of the main methods to do that is to perform a root cause...

CVSS: 9.3 | AI score: 9.1 | EPSS: 0.74438 | Exploits: 53
Source: GoogleProjectZero | Added: 2021/01/12 12:00 a.m. | Views: 209

In-the-Wild Series: Windows Exploits

This is part 6 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Mateusz Jurczyk and Sergei Glazunov, Project Zero. In this post we'll discuss the exploits for...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.69166 | Exploits: 3
Source: GoogleProjectZero | Added: 2020/09/01 12:00 a.m. | Views: 209

JITSploitation II: Getting Read/Write

Posted by Samuel Groß, Project Zero. This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...

CVSS: 8.8 | AI score: 9.4 | EPSS: 0.08207 | Exploits: 4
Source: GoogleProjectZero | Added: 2019/08/29 12:00 a.m. | Views: 193

In-the-wild iOS Exploit Chain 5

Posted by Ian Beer, Project Zero. TL;DR: This exploit chain is a three way collision between this attacker group, Brandon Azad from Project Zero, and @S0rryMybad from 360 security. On November 17th 2018, @S0rryMybad used this vulnerability to win $200,000 USD at the TianFu Cup PWN competition...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.28548 | Exploits: 4
Source: GoogleProjectZero | Added: 2021/01/12 12:00 a.m. | Views: 188

In-the-Wild Series: Android Post-Exploitation

This is part 5 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Maddie Stone, Project Zero. A deep-dive into the implant used by a high-tier attacker against Android...

AI score: 7.6 | Exploits: 0
Source: GoogleProjectZero | Added: 2020/07/29 12:00 a.m. | Views: 185

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019

Posted by Maddie Stone, Project Zero. In May 2019, Project Zero released our tracking spreadsheet for 0-days used “in the wild” and we started a more focused effort on analyzing and learning from these exploits. This is another way Project Zero is trying to make zero-day hard. This blog post...

CVSS: 9.3 | AI score: 8.4 | EPSS: 0.86863 | Exploits: 193
Source: GoogleProjectZero | Added: 2021/01/12 12:00 a.m. | Views: 182

Introducing the In-the-Wild Series

This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, head to the bottom of this post. At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.78808 | Exploits: 9
Source: GoogleProjectZero | Added: 2021/03/18 12:00 a.m. | Views: 175

In-the-Wild Series: October 2020 0-day discovery

Posted by Maddie Stone, Project Zero. In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android,...

CVSS: 9.6 | AI score: 8.5 | EPSS: 0.5063 | Exploits: 8
Source: GoogleProjectZero | Added: 2021/01/21 12:00 a.m. | Views: 159

Windows Exploitation Tricks: Trapping Virtual Memory Access

Posted by James Forshaw, Project Zero. This blog is a continuation of my series of Windows exploitation tricks. This one describes an exploitation trick I’ve been trying to develop for years, succeeding (mostly, more on that later) on the latest versions of Windows 10. It’s a trick to trap access to...

AI score: 7.6 | Exploits: 0
Source: GoogleProjectZero | Added: 2019/11/21 12:00 a.m. | Views: 157

Bad Binder: Android In-The-Wild Exploit

Posted by Maddie Stone, Project Zero. Introduction: On October 3, 2019, we disclosed issue 1942 (CVE-2019-2215), which is a use-after-free in Binder in the Android kernel. The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If chained with a...

CVSS: 7.8 | AI score: 8.2 | EPSS: 0.72105 | Exploits: 27
Source: GoogleProjectZero | Added: 2018/09/26 12:00 a.m. | Views: 154

A cache invalidation bug in Linux memory management

Posted by Jann Horn, Google Project Zero. This blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that has existed since kernel version 3.16. While the bug itself is in code that is reachable even from relatively strongly sandboxed contexts, this blogpost only describes a way to...

CVSS: 7.8 | AI score: 8 | EPSS: 0.03206 | Exploits: 4
Source: GoogleProjectZero | Added: 2021/10/19 12:00 a.m. | Views: 130

How a simple Linux kernel memory corruption bug can lead to complete system compromise

An analysis of current and potential kernel security mitigations. Posted by Jann Horn, Project Zero. Introduction: This blog post describes a straightforward Linux kernel locking bug and how I exploited it against Debian Buster's 4.19.0-13-amd64 kernel. Based on that, it explores options for securit...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.03399 | Exploits: 1
Source: GoogleProjectZero | Added: 2023/03/16 12:00 a.m. | Views: 127

Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

Posted by Tim Willis, Project Zero. In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498) allowed...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.34305 | Exploits: 0
Source: GoogleProjectZero | Added: 2021/06/29 12:00 a.m. | Views: 124

An EPYC escape: Case-study of a KVM breakout

Posted by Felix Wilhelm, Project Zero. Introduction: KVM (for Kernel-based Virtual Machine) is the de facto standard hypervisor for Linux-based cloud environments. Outside of Azure, almost all large-scale cloud and hosting providers are running on top of KVM, turning it into one of the fundamental...

CVSS: 7.4 | AI score: 7.3 | EPSS: 0.00413 | Exploits: 1
Source: GoogleProjectZero | Added: 2021/12/01 12:00 a.m. | Views: 122

This shouldn't have happened: A vulnerability postmortem

Posted by Tavis Ormandy, Project Zero. Introduction: This is an unusual blog post. I normally write posts to highlight some hidden attack surface or interesting complex vulnerability class. This time, I want to talk about a vulnerability that is neither of those things. The striking thing about thi...

CVSS: 9.8 | AI score: 10 | EPSS: 0.17563 | Exploits: 0
Source: GoogleProjectZero | Added: 2021/10/20 12:00 a.m. | Views: 121

Windows Exploitation Tricks: Relaying DCOM Authentication

Posted by James Forshaw, Project Zero. In my previous blog post I discussed the possibility of relaying Kerberos authentication from a DCOM connection. I was originally going to provide a more in-depth explanation of how that works, but as it's quite involved I thought it was worthy of its own blo...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.04417 | Exploits: 4
Source: GoogleProjectZero | Added: 2024/06/20 12:00 a.m. | Views: 112

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

Posted by Sergei Glazunov and Mark Brand, Google Project Zero. Introduction: At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering,...

AI score: 7.8 | Exploits: 0
Source: GoogleProjectZero | Added: 2021/01/28 12:00 a.m. | Views: 106

A Look at iMessage in iOS 14

Posted by Samuel Groß, Project Zero. On December 20, Citizenlab published “The Great iPwn”, detailing how “Journalists were Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit”. Of particular interest is the following note: “We do not believe that the exploit works against iOS 14 and...

AI score: 8.3 | Exploits: 0
Source: GoogleProjectZero | Added: 2021/08/19 12:00 a.m. | Views: 104

Understanding Network Access in Windows AppContainers

Posted by James Forshaw, Project Zero. Recently I've been delving into the inner workings of the Windows Firewall. This is interesting to me as it's used to enforce various restrictions such as whether AppContainer sandboxed applications can access the network. Being able to bypass network...

AI score: 6.7 | Exploits: 0
Source: GoogleProjectZero | Added: 2022/06/14 12:00 a.m. | Views: 102

An Autopsy on a Zombie In-the-Wild 0-day

Posted by Maddie Stone, Google Project Zero. Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.16342 | Exploits: 0
Source: GoogleProjectZero | Added: 2018/10/16 12:00 a.m. | Views: 102

Injecting Code into Windows Protected Processes using COM - Part 1

Posted by James Forshaw, Google Project Zero. At Recon Montreal 2018 I presented “Unknown Known DLLs and other Code Integrity Trust Violations” with Alex Ionescu. We described the implementation of Microsoft Windows’ Code Integrity mechanisms and how Microsoft implemented Protected Processes (PP). A...

CVSS: 3.3 | AI score: 6 | EPSS: 0.03109 | Exploits: 1
Source: GoogleProjectZero | Added: 2022/08/10 12:00 a.m. | Views: 101

The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)

A deep dive into an in-the-wild Android exploit. Guest Post by Xingyu Jin, Android Security Research. This is part one of a two-part guest blog post, where first we'll look at the root cause of the CVE-2021-0920 vulnerability. In the second post, we'll dive into the in-the-wild 0-day exploitation o...

CVSS: 7 | AI score: 7.3 | EPSS: 0.00811 | Exploits: 0
Source: GoogleProjectZero | Added: 2020/06/11 12:00 a.m. | Views: 100

A survey of recent iOS kernel exploits

Posted by Brandon Azad, Project Zero. I recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here. This post summarizes origina...

CVSS: 10 | AI score: 9.2 | EPSS: 0.28548 | Exploits: 31
Source: GoogleProjectZero | Added: 2015/07/31 12:00 a.m. | Views: 97

One font vulnerability to rule them all #1: Introducing the BLEND vulnerability

Posted by Mateusz Jurczyk of Google Project Zero. Last month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced...

CVSS: 10 | AI score: 8.6 | EPSS: 0.22911 | Exploits: 2
Source: GoogleProjectZero | Added: 2024/11/01 12:00 a.m. | Views: 96

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Posted by the Big Sleep team. Introduction: In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-a...

AI score: 7.7 | Exploits: 0
Total number of security vulnerabilities: 253