Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
6 résultats taggé googleprojectzero  ✕
The curious tale of a fake Carrier.app https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html
24/06/2022 08:22:05
QRCode
archive.org
thumbnail

Although this looks like the real My Vodafone carrier app available in the App Store, it didn't come from the App Store and is not the real application from Vodafone. TAG suspects that a target receives a link to this app in an SMS, after the attacker asks the carrier to disable the target's mobile data connection. The SMS claims that in order to restore mobile data connectivity, the target must install the carrier app and includes a link to download and install this fake app.

googleprojectzero EN 2022 Hermit ios CVE-2021-30983 Vodafone rcslab
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
21/06/2022 08:57:54
QRCode
archive.org

Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.

googleprojectzero EN 2022 0-day Safari CVE-2022-22620 Apple
CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD | 0-days In-the-Wild https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-22675.html
17/05/2022 16:35:10
QRCode
archive.org

Information about 0-days exploited in-the-wild!

CVE-2022-22675 googleprojectzero EN 2022 0-days iOS macOS
The More You Know, The More You Know You Don’t Know https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
20/04/2022 07:58:06
QRCode
archive.org
thumbnail

A Year in Review of 0-days Used In-the-Wild in 2021

googleprojectzero EN 2022 2021 0-day 0-days Review Year
Google Project Zero: Vendors are now quicker at fixing zero-days https://www.bleepingcomputer.com/news/security/gooject-zero-vendors-are-now-quicker-at-fixing-zero-days/ogle-pr
11/02/2022 18:52:36
QRCode
archive.org

Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.

googleprojectzero EN 0-day metrics bleepingcomputer
A walk through Project Zero metrics https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
11/02/2022 18:47:14
QRCode
archive.org
thumbnail
  • In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago.
  • In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period.
  • Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies.
  • This data aggregation and analysis is relatively new for Project Zero, but we hope to do it more in the future. We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general.
googleprojectzero metrics bug 0-day EN
406 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio