Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts. On average, companies took 52 days to fix bugs, while three years ago they needed an average of… Continue reading Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
Tag: Google Project Zero
Google says that a quarter of all 0-day vulnerabilities are new variations of old problems
Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches. The authors of the report write that many problems could have been avoided if the developers immediately corrected their products more thoroughly. In 2020,… Continue reading Google says that a quarter of all 0-day vulnerabilities are new variations of old problems
Cybersecurity expert created an exploit to hack iPhone via Wi-Fi
Google Project Zero expert Ian Beer has demonstrated an exploit to hack iPhone and other iOS devices remotely and without user interaction. The underlying critical vulnerability CVE-2020-3843, discovered by the researcher, made it possible to remotely steal sensitive data from any device in the Wi-Fi hotspot without any user’s interaction. The exploit, which Bier worked… Continue reading Cybersecurity expert created an exploit to hack iPhone via Wi-Fi
Google Chrome fixed second 0-day vulnerability in two weeks
Google developers have released Chrome version 86.0.4240.183 for Windows, Mac and Linux, which fixed 10 different problems. The update also includes a patch for a 0-day vulnerability in Google Chrome, which hackers are already actively using. The bug was identified as CVE-2020-16009 and was discovered by the Threat Analysis Group (TAG), Google’s internal security team… Continue reading Google Chrome fixed second 0-day vulnerability in two weeks
Google Project Zero discovered a 0-day vulnerability in the Windows kernel
Google Project Zero has discovered a 0-day vulnerability in the Windows kernel (CVE-2020-17087). It has been reported that this bug could be exploited by an attacker with local access to escalate privileges and escape the sandbox. What is worse, it is already being used in targeted attacks. The vulnerability is related to the operation of… Continue reading Google Project Zero discovered a 0-day vulnerability in the Windows kernel
Google: 11 0-day vulnerabilities identified in the first half of 2020
Google Project Zero experts estimate that 11 0-day vulnerabilities, actively exploited by hackers, were identified in the first half of 2020. The current number of 0-day problems indicates that, most likely, that overall this year will be identified the same number of zero-day vulnerabilities, as in 2019 (20). The link above leads to the company’s… Continue reading Google: 11 0-day vulnerabilities identified in the first half of 2020
Researcher remotely hacked iPhone using only one vulnerability
Researcher in a few minutes remotely hacked iPhone using only Apple ID and exploiting only the CVE-2019-8641 vulnerability, due to which he gained access to the user’s accounts and passwords on the device and activated the camera. Vulnerabilities in software that could compromise a system without user intervention (for example, without clicking on a malicious… Continue reading Researcher remotely hacked iPhone using only one vulnerability