Who Contains the Containers?

Posted by James Forshaw, Project Zero This is a short blog post about a research project I conducted on Windows Server Containers that resulted in four privilege escalations which Microsoft fixed in March 2021. In the post, I describe what led to this research, my research process, and insights into what to look for if you’re researching this area.Windows...

2w

In-the-Wild Series: October 2020 0-day discovery

Posted by Maddie Stone, Project Zero In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the...

4w

Déjà vu-lnerability

A Year in Review of 0-days Exploited In-The-Wild in 2020Posted by Maddie Stone, Project Zero2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of...

Feb 2021

A Look at iMessage in iOS 14

Posted By Samuel Groß, Project ZeroOn December 20, Citizenlab published “The Great iPwn”, detailing how “Journalists [were] Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit”. Of particular interest is the following note: “We do not believe that [the exploit] works against iOS 14 and above, which includes new security protections''. Given...

Jan 2021

Windows Exploitation Tricks: Trapping Virtual Memory Access

Posted by James Forshaw, Project ZeroThis blog is a continuation of my series of Windows exploitation tricks. This one describes an exploitation trick I’ve been trying to develop for years, succeeding (mostly, more on that later) on the latest versions of Windows 10. It’s a trick to trap access to virtual memory, get feedback when it occurs and delay...

Jan 2021

The State of State Machines

Posted by Natalie Silvanovich, Project ZeroOn January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent. The bug was remarkable...

Jan 2021

Hunting for Bugs in Windows Mini-Filter Drivers

Posted by James Forshaw, Project ZeroIn December Microsoft fixed 4 issues in Windows in the Cloud Filter and Windows Overlay Filter (WOF) drivers (CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17139). These 4 issues were 3 local privilege escalations and a security feature bypass, and they were all present in Windows file system filter drivers....

Jan 2021

In-the-Wild Series: Windows Exploits

This is part 6 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.Posted by Mateusz Jurczyk and Sergei Glazunov, Project ZeroIn this post we'll discuss the exploits for vulnerabilities in Windows that have been used by the attacker...

Jan 2021

In-the-Wild Series: Android Post-Exploitation

This is part 5 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.Posted by Maddie Stone, Project ZeroA deep-dive into the implant used by a high-tier attacker against Android devices in 2020IntroductionThis post covers what happens...

Jan 2021

In-the-Wild Series: Android Exploits

This is part 4 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.Posted by Mark Brand, Project ZeroA survey of the exploitation techniques used by a high-tier attacker against Android devices in 2020IntroductionAfter one of the Chrome...

Jan 2021