Google Project Zero Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/google-project-zero/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Feed last updated Tue, 24 May 2022 19:56:52 +0000.

Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
https://gridinsoft.com/blogs/manufacturers-began-to-fix-zero-day-vulnerabilities-faster/
Tue, 15 Feb 2022 21:58:56 +0000
Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts.

On average, companies took 52 days to fix bugs, while three years ago they needed an average of 80 days. Thus, almost all vendors fixed the vulnerabilities within the industry standard of 90 days.

According to statistics collected for 2019-2021 and based on 376 zero-day vulnerabilities discovered by Google Project Zero experts, 26% of the problems related to Microsoft products, 23% to Apple and 16% to Google. That is, the three software giants accounted for 65% of all detected problems, which, according to experts, reflects the complexity and volume of their software products, which inevitably contain blind spots that even numerous security engineers miss.


Overall, the report named Linux, Mozilla, and Google as the best in terms of timely release of patches, while Oracle, Microsoft, and Samsung were named as the worst.

Recall, by the way, that we wrote that a 0-day vulnerability remained unpatched for two years because of Microsoft bug bounty issues.

In the highly competitive field of mobile OS, iOS and Android go hand in hand: the former has an average bug fix time of 70 days, while the latter has 72 days.


In the browser category, Chrome outperforms all competitors with an average bug fix period of 29.9 days, while Firefox comes in second with 37.8 days. Apple, in third place, took twice as long to fix bugs in WebKit, taking an average of 72.7 days.

Google Project Zero experts explain:

In this analysis, WebKit is the black sheep with the longest time it takes to release patches, at 73 days. Patch release time [for WebKit] is somewhere in between Chrome and Firefox. Unfortunately, this leaves a lot of time for opportunistic attackers to find a patch and exploit for the problem before the fix is available to users.


You might also be interested in reading that Google says a quarter of all 0-day vulnerabilities are new variations of old problems.

READ ALSO: Zero Day Attacks – How To Prevent Them? What does a zero day attack mean? Or is there a way to avoid this danger?

Google says that a quarter of all 0-day vulnerabilities are new variations of old problems
https://gridinsoft.com/blogs/google-says-that-a-quarter-of-all-0-day-vulnerabilities-are-new-variations-of-old-problems/
Thu, 04 Feb 2021 16:26:57 +0000
Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches.

The authors of the report write that many of these problems could have been avoided if developers had fixed their products more thoroughly in the first place.

In 2020, the Google Project Zero team identified 24 zero-day vulnerabilities that were being actively exploited by hackers. Six of them (in Chrome, Firefox, Internet Explorer, Safari and Windows) turned out to be new versions of previously known vulnerabilities. Presumably, attackers carefully studied the old bug reports, worked out the original problems, and then created new versions of the exploits for them.


“In some exploits, it was enough to change one or two lines of code to get a new working exploit for a zero-day vulnerability”, say the experts.

In addition, three other issues discovered last year, affecting Chrome, Internet Explorer and Windows, were not fully fixed and eventually required additional patches. In fact, if hackers carefully studied the released fixes, they could find a way to keep exploiting the same bugs.


Google Project Zero experts advise their colleagues to analyze 0-day vulnerabilities more deeply and to learn how to work with such problems. The Google Project Zero team was originally created specifically to search for and research zero-day vulnerabilities, and its experts now say that 0-day bugs are a kind of “window” into the minds of attackers: a way to learn as much as possible about possible attack vectors, classes of problems and how to deal with them.

“When 0-day exploits are detected in-the-wild, it’s the failure case for an attacker. It’s a gift for us security defenders to learn as much as we can and take actions to ensure that that vector can’t be used again. The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method. To do that, we need correct and comprehensive fixes”, Google Project Zero experts said.

Let me remind you that in the fall Google Project Zero discovered a 0-day vulnerability in the Windows kernel.

Cybersecurity expert created an exploit to hack iPhone via Wi-Fi
https://gridinsoft.com/blogs/cybersecurity-expert-created-an-exploit-to-hack-iphone-via-wi-fi/
Thu, 03 Dec 2020 21:43:34 +0000
Google Project Zero expert Ian Beer has demonstrated an exploit to hack iPhone and other iOS devices remotely and without user interaction.

The underlying critical vulnerability, CVE-2020-3843, discovered by the researcher, made it possible to remotely steal sensitive data from any device within Wi-Fi range without any user interaction.

The exploit, which Beer worked on alone for six months, allows an attacker “to view all photos, read all e-mail, copy all private messages and track everything that happens [on the device] in real time.”

Apple engineers fixed the problem back in the spring of this year (within the framework of iOS 13.3.1, macOS Catalina 10.15.3 and watchOS 5.3.7), so the researcher has now disclosed details of the problem and even demonstrated the attack in action.

“The root of the problem was a ‘rather trivial buffer overflow error’ in the Wi-Fi driver related to Apple Wireless Direct Link (AWDL), a proprietary network protocol developed by Apple for use with AirDrop, AirPlay and so on, which was intended to simplify the exchange of data between Apple devices”, says Ian Beer.

The video below shows how, using an iPhone 11 Pro, a Raspberry Pi and two Wi-Fi adapters, the researcher was able to remotely read and write arbitrary kernel memory. Beer used this to inject shellcode into kernel memory, exploit the victim process, escape the sandbox and retrieve user data.

Essentially, a potential attacker first needed to attack the AirDrop BTLE infrastructure in order to enable the AWDL interface. This was done by brute-forcing contact hash values (since users usually allow AirDrop only from their contacts), followed by the AWDL buffer overflow.

As a result, it was possible to gain access to the device and run malware with root privileges, which gave the attacker complete control over the user’s personal data, including email, photos, messages, iCloud data, as well as passwords and cryptographic keys from the Keychain, and much more.

Even worse, such an exploit had worm potential: it could spread from one device to another “over the air”, again without user intervention.

Beer notes that this vulnerability was not exploited by cybercriminals, but the hacking community and “exploit vendors seem to be interested in the released fixes.”

I also wrote that a researcher remotely hacked an iPhone using only one vulnerability.

And always remember that US authorities can hack the iPhone, but may have difficulties with Android.

Google Chrome fixed second 0-day vulnerability in two weeks
https://gridinsoft.com/blogs/google-chrome-fixed-second-0-day-vulnerability-in-two-weeks/
Tue, 03 Nov 2020 23:26:52 +0000
Google developers have released Chrome version 86.0.4240.183 for Windows, Mac and Linux, which fixes 10 different problems. The update also includes a patch for a 0-day vulnerability in Google Chrome that hackers are already actively exploiting.

The bug was identified as CVE-2020-16009 and was discovered by the Threat Analysis Group (TAG), Google’s internal security team dedicated to tracking attackers and their ongoing operations.

“The issue identified is related to the V8 JavaScript engine and allows remote code execution (RCE)”; so far, that seems to be all that can be said about the problem based on the available data.

So far, details about the vulnerability and its exploitation have not been disclosed. It is worth noting that this is a common practice for Google: the company’s specialists can “keep silent” for months on the technical details of bugs in order not to give cybercriminals hints and allow users to install updates calmly.

I must say that two weeks ago, Google experts fixed another 0-day vulnerability in their browser. That error was also discovered internally, by Google Project Zero specialists. It was identified as CVE-2020-15999 and was associated with the FreeType font rendering library that ships with standard Chrome distributions. The bug is known to be a memory corruption issue.

“A vulnerability exists in the function `Load_SBit_Png`, which processes PNG images embedded into fonts. The issue is that libpng uses the original 32-bit values, which are saved in `png_struct`. Therefore, if the original width and/or height are greater than 65535, the allocated buffer won’t be able to fit the bitmap”, Google security specialists describe the issue.

Let me remind you that CVE-2020-15999 was used in conjunction with another 0-day vulnerability – CVE-2020-17087, a serious bug found in the Windows kernel.

In that attack, the Chrome vulnerability was used to run malicious code inside the browser, and the Windows 0-day was used in the second stage, allowing attackers to leave the secure Chrome container and execute code at the OS level (that is, to escape the sandbox). Microsoft is expected to fix this issue on November 10th as part of Patch Tuesday.

Google Project Zero discovered a 0-day vulnerability in the Windows kernel
https://gridinsoft.com/blogs/google-project-zero-discovered-a-0-day-vulnerability-in-the-windows-kernel/
Sat, 31 Oct 2020 00:03:34 +0000
Google Project Zero has discovered a 0-day vulnerability in the Windows kernel (CVE-2020-17087). It has been reported that this bug could be exploited by an attacker with local access to escalate privileges and escape the sandbox. What is worse, it is already being used in targeted attacks.

The vulnerability is related to the operation of the Windows Kernel Cryptography Driver (cng.sys), more specifically the cng!CfgAdtpFormatPropertyBlock function, and belongs to the category of buffer overflow bugs (pool-based buffer overflow).

“We have identified a vulnerability in the processing of IOCTL 0x390400, reachable through the following series of calls: The integer overflow occurs in line 2, and if SourceLength is equal to or greater than 0x2AAB, an inadequately small buffer is allocated from the NonPagedPool in line 3. It is subsequently overflown by the binary-to-hex conversion loop in lines 5-10 by a multiple of 65536 bytes”, Google Project Zero experts describe the problem.
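Both this cng.sys bug and the FreeType `Load_SBit_Png` bug described in the Chrome article above belong to the same class: a buffer size is computed in a type narrower than the values that feed it, so it wraps and the loop that fills the buffer writes past it. The following C model, added here as an illustration and not taken from cng.sys, FreeType or Project Zero's report, shows the truncating computation next to a checked one. It assumes, as the quoted thresholds imply (6 × 0x2AAB = 0x10002), a 16-bit destination length of 6 bytes per source byte; the 16-bit bitmap metrics and 4 bytes per pixel in the FreeType model are likewise assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model, not cng.sys or FreeType code: the size is computed in
 * a type narrower than its inputs, wraps, and an undersized buffer results. */

/* cng.sys-style pattern (assumed: each source byte becomes a wide-char hex
 * pair plus a separator, 6 bytes, and the total is kept in a 16-bit field).
 * Returns the allocation size the truncating computation would produce. */
uint16_t hex_dest_len_truncating(uint16_t source_len)
{
    return (uint16_t)(6u * source_len);      /* wraps once 6*len >= 0x10000 */
}

/* Bytes the conversion loop actually writes, computed without truncation. */
size_t hex_bytes_written(uint16_t source_len)
{
    return (size_t)source_len * 6u;
}

/* How far the loop would run past the truncated allocation (0 if it fits). */
size_t hex_overflow_bytes(uint16_t source_len)
{
    size_t need = hex_bytes_written(source_len);
    size_t have = hex_dest_len_truncating(source_len);
    return need > have ? need - have : 0;
}

/* Hardened form: do the arithmetic in size_t and reject anything that does
 * not fit the 16-bit length field instead of silently truncating it. */
bool hex_dest_len_checked(uint16_t source_len, uint16_t *dest_len)
{
    size_t need = (size_t)source_len * 6u;
    if (need > UINT16_MAX)
        return false;                        /* caller treats input as invalid */
    *dest_len = (uint16_t)need;
    return true;
}

/* FreeType-style pattern (assumed: the PNG header carries 32-bit width and
 * height, bitmap metrics are 16-bit, 4 bytes per pixel). A dimension above
 * 65535 is truncated before sizing, but the decoder writes the full image. */
size_t sbit_alloc_size_truncating(uint32_t png_width, uint32_t png_height)
{
    uint16_t w = (uint16_t)png_width;        /* silent truncation */
    uint16_t h = (uint16_t)png_height;
    return (size_t)w * h * 4u;
}

/* Hardened form: reject dimensions the 16-bit metrics cannot represent and
 * guard the remaining multiplication against size_t overflow as well. */
bool sbit_alloc_size_checked(uint32_t png_width, uint32_t png_height, size_t *out)
{
    if (png_width > UINT16_MAX || png_height > UINT16_MAX)
        return false;
    if (png_width != 0 && png_height > SIZE_MAX / 4u / png_width)
        return false;
    *out = (size_t)png_width * png_height * 4u;
    return true;
}

int main(void)
{
    uint16_t len = 0;
    size_t size = 0;
    /* 0x2AAA still fits in 16 bits; 0x2AAB is the first length that wraps. */
    printf("len 0x2AAA: alloc %u, overflow %zu bytes\n",
           (unsigned)hex_dest_len_truncating(0x2AAA), hex_overflow_bytes(0x2AAA));
    printf("len 0x2AAB: alloc %u, overflow %zu bytes\n",
           (unsigned)hex_dest_len_truncating(0x2AAB), hex_overflow_bytes(0x2AAB));
    printf("checked 0x2AAB accepted: %d\n", (int)hex_dest_len_checked(0x2AAB, &len));
    /* A 65537x2 PNG is sized as a 1x2 bitmap by the truncating code. */
    printf("65537x2: truncating alloc %zu bytes, checked accepted %d\n",
           sbit_alloc_size_truncating(65537u, 2u),
           (int)sbit_alloc_size_checked(65537u, 2u, &size));
    return 0;
}
```

The 0x2AAB threshold and the 65536-byte overflow quoted above fall straight out of the 16-bit wrap: 6 × 0x2AAA = 0xFFFC fits, 6 × 0x2AAB = 0x10002 becomes 2.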

Researchers have published not only a written report on the vulnerability, but also a PoC exploit for it, which crashes vulnerable Windows devices even when the system is running with default settings.

The PoC exploit has been tested on the latest version of Windows 10 1903, but the researchers write that the vulnerability is present in other versions of the OS, starting at least with Windows 7.

Although the vulnerability was found only 8 days ago, the experts decided to disclose the details of the problem quickly, since hackers are already using it. Researchers have not disclosed details about these attacks, but according to the head of Google Project Zero, Ben Hawkes, the exploitation of CVE-2020-17087 has nothing to do with the US presidential election.

There is no patch for the vulnerability yet, and Hawkes reports that the release of the fix is expected only on the next “Patch Tuesday”, that is, November 10, 2020.

“In addition to last week’s Chrome/freetype 0day (CVE-2020-15999), Project Zero also detected and reported the Windows kernel bug (CVE-2020-17087) that was used for a sandbox escape. Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley (@ShaneHuntley), that this is targeted exploitation and this is not related to any US election related targeting”, Ben Hawkes posted on Twitter.

Let me remind you that recently Google Project Zero specialists discovered and described many vulnerabilities in Apple’s operating systems.

Google: 11 0-day vulnerabilities identified in the first half of 2020
https://gridinsoft.com/blogs/google-11-0-day-vulnerabilities-identified-in-the-first-half-of-2020/
Tue, 04 Aug 2020 16:38:05 +0000
Google Project Zero experts estimate that 11 0-day vulnerabilities, actively exploited by hackers, were identified in the first half of 2020.

The current count suggests that, most likely, about the same number of zero-day vulnerabilities will be identified this year as in 2019 (20).

The link above leads to the company’s statistics, which Google specialists have collected and tracked since 2014. For the first half of 2020, experts included the following problems in their list.

1. Firefox (CVE-2019-17026)

The bug that received the identifier CVE-2019-17026 was discovered by experts from the Chinese company Qihoo 360 and was associated with IonMonkey, the JIT compiler of SpiderMonkey, the Firefox component responsible for executing JavaScript (the browser’s JavaScript engine). The vulnerability has been classified as type confusion.

The patches are included with Firefox 72.0.1 and are available here.

2. Internet Explorer (CVE-2020-0674)

The problem was exploited by the North Korean hacker group DarkHotel, in conjunction with the aforementioned 0-day bug in the Firefox browser. Both issues were used to track targets in China and Japan, and were discovered by Qihoo 360 and JPCERT experts. Victims of this campaign were redirected to a site where either the Firefox or the IE vulnerability was exploited; the victims were then infected with the Gh0st RAT.

The patches are included in the February “Patch Tuesday” and are available here.

3. Chrome (CVE-2020-6418)

The vulnerability was identified by experts from the Google Threat Analysis Group, but there are no details about the attacks that exploited the problem.

The bug was fixed with the release of Chrome version 80.0.3987.122, patches are available here.

4 and 5. Trend Micro OfficeScan (CVE-2020-8467 and CVE-2020-8468)

Trend Micro employees spotted both zero days. The bugs were supposedly discovered when Trend Micro investigated a different, older zero-day issue in the same product, which had been used in the hack of Mitsubishi Electric.

The patches can be found here.

6 and 7. Firefox (CVE-2020-6819 and CVE-2020-6820)

Detailed information about the attacks that used these 0-days has not yet been published, although cybersecurity researchers speculate that these problems could be part of a chain of exploits.

Vulnerabilities are fixed in Firefox 74.0.1, patches are available here.

8, 9, and 10. Microsoft (CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027)

Google experts found all three bugs and reported them to Microsoft engineers. As with most other Google Threat Analysis Group “discoveries”, the details of these issues are kept secret and nothing is known about the attacks. The vulnerabilities were fixed as part of the April “update Tuesday”; patches are available here.

11. Sophos XG Firewall (CVE-2020-12271)

Earlier in 2020, an unknown group of hackers discovered and exploited this vulnerability. Later Sophos experts said that using the bug, hackers tried to deploy the Ragnarok ransomware on infected hosts, but the company said that it blocked most of the attempts.

Patches are available here.

Let me remind you that in 2019, Google specialists discovered 20 zero-day vulnerabilities, 11 of which were found in Microsoft products.


At the same time, experts explain that Microsoft leads the count partly because more security tooling exists for finding bugs in Windows.

Researcher remotely hacked iPhone using only one vulnerability
https://gridinsoft.com/blogs/researcher-remotely-hacked-iphone-using-only-one-vulnerability/
Fri, 10 Jan 2020 20:23:20 +0000
A researcher remotely hacked an iPhone in a few minutes, knowing only the victim’s Apple ID and exploiting a single vulnerability, CVE-2019-8641, through which he gained access to the user’s accounts and passwords on the device and activated the camera.

Vulnerabilities that could compromise a system without user intervention (for example, without the victim clicking a malicious link) are of great interest to security researchers. Experts from Google Project Zero, who have devoted the past few months to studying this issue, are no exception.

On Thursday, January 9, Google Project Zero security researcher Samuel Gross demonstrated how he can remotely hack an iPhone, access passwords, messages and email, and activate the camera and microphone, knowing just one Apple ID, in a few minutes.

“All of this is possible without any user interaction (e.g. opening a URL sent by an attacker) or visual indicator (e.g. notifications) being displayed to the user. The attack exploits a single vulnerability, CVE-2019-8641 to first bypass ASLR, then execute code on the target device outside of the sandbox.”, — writes Samuel Gross.

The researcher described his attack method in three separate articles on the Google Project Zero blog. The first provides technical details about the vulnerability, the second describes how to break ASLR, and the third explains how to remotely execute code on the attacked device outside the sandbox.

During the attack, Gross exploited a single vulnerability in iOS 12.4 (CVE-2019-8641), fixed by Apple in August last year with the release of iOS 12.4.1. With its help, he bypassed ASLR, a technology designed to make exploiting certain types of vulnerabilities harder.

ASLR randomizes the location of important data structures (executable images, loaded libraries, heaps and stacks) in the process address space. However, the attack Gross demonstrated casts doubt on the effectiveness of ASLR.

“The study was mainly motivated by the following question: is it possible, using a single remote memory corruption vulnerability, to achieve remote code execution on an iPhone without using other vulnerabilities and without any user interaction? My series of publications proves that yes, it is indeed possible”, Gross said.

A key insight of this research was that ASLR, which in theory should offer strong protection in this attack scenario, is not as strong in practice.

Overall, life is getting more and more dangerous: recently, another researcher demonstrated that TikTok could be hacked using SMS.

Take care of yourself, remember about information hygiene and use Gridinsoft 🙂
