Project Zero

News and updates from the Project Zero team at Google

Latest articles

An iOS zero-click radio proximity exploit odyssey

Posted by Ian Beer, Project ZeroNOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020.In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30'000 words I'll...

Oops, I missed it again!

Written by Brandon Azad, when working at Project ZeroThis is a quick anecdotal post describing one of the more frustrating aspects of vulnerability research: realizing that you missed a bug that was staring you in the face only once you see the patched version!Some suspicious codeAfter writing the oob_timestamp exploit, I spent some time trying to find...

Enter the Vault: Authentication Issues in HashiCorp Vault

 Posted by Felix Wilhelm, Project ZeroIntroductionIn this blog post I'll discuss two vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services (AWS) and Google Cloud Platform (GCP). These issues can lead to an authentication bypass in configurations that use the aws and gcp auth methods, and demonstrate the type of issues you can...

Announcing the Fuzzilli Research Grant Program

Posted by Samuel Groß, Project ZeroProject Zero’s mission is to make 0-day hard in order to improve end-user security. We attack this problem in different ways, including supporting other security researchers. While Google currently offers research grants, they are limited to academics and those affiliated with universities. Today we are announcing...

Attacking the Qualcomm Adreno GPU

Posted by Ben Hawkes, Project ZeroWhen writing an Android exploit, breaking out of the application sandbox is often a key step. There are a wide range of remote attacks that give you code execution with the privileges of an application (like the browser or a messaging application), but a sandbox escape is still required to gain full system access.This...

JITSploitation I: A JIT Bug

By Samuel Groß, Project ZeroThis three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS 13.5, while two of the mitigation bypasses, CVE-2020-9870...

JITSploitation II: Getting Read/Write

Posted by Samuel Groß, Project ZeroThis three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS 13.5, while two of the mitigation bypasses, CVE-2020-9870...

JITSploitation III: Subverting Control Flow

Posted by Samuel Groß, Project ZeroThis three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS 13.5, while two of the mitigation bypasses, CVE-2020-9870...

MMS Exploit Part 5: Defeating Android ASLR, Getting RCE

Posted by Mateusz Jurczyk, Project ZeroThis post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. Previous posts are linked below:MMS Exploit Part 1: Introduction to the Samsung...

Exploiting Android Messengers with WebRTC: Part 3

Posted by Natalie Silvanovich, Project ZeroThis is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. CVE-2020-6514 discussed in the blog post was fixed on July 14 with these CLs.This series highlights what can go wrong when applications don't apply WebRTC patches and when the communication and notification of...

Discover, share and read the best on the web

Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.

Get Inoreader
Inoreader - Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters!