Samsung Exynos chips have 18 zero-day vulnerabilities
The flaws could compromise certain Samsung chips in dozens of Android models, wearables, and vehicles. Project Zero head Tim Willis confirmed in a recent blog post that the team had discovered and reported 18 zero-day vulnerabilities in Exynos modems produced by Samsung.
They include four top-se... Read more
Major smartphone manufacturers fail to patch Android vulnerabilities
Google Project Zero disclosed that several smartphone manufacturers have failed to provide patches for vulnerabilities in Android GPUs.
Google Project Zero, a security division focussed on identifying vulnerabilities, warns that several Android smartphone manufacturers have yet to release fixes... Read more
‘Software vendors fix security bugs in 52 days on average’
Software vendors take an average of 52 days to resolve reported security issues. This is concluded by Google security researchers on the basis of last year's findings.
Under the banner of Project Zero, Google's security specialists actively hunt for threats in software by Google and other vendo... Read more
Zoom was vulnerable to buffer overflows and memory leaks
Project Zero found two vulnerabilities in Zoom, which have since been patched. Clients of users were found to be susceptible to buffer overflows. Data from central Zoom servers was successfully leaked from outside the network.
The vulnerabilities were found by Natalie Silvanovich, a security res... Read more
Project Zero gives users 30 days to install patches
Google Project Zero has added a 30-day period to the 90-day period in which it releases details of zero-days. The initiative still gives companies 90 days to release patches, but users will then have 30 days to install them.
In a blog post, Project Zero says that the initiative is adjusting its ... Read more
Update for iOS fixes actively exploited zero-days
In an update for iOS, Apple fixes three zero-day vulnerabilities that were being actively exploited. The leaks were found by Google's Project Zero research group.
In addition to iOS, the vulnerabilities were also present in iPadOS, which is largely the same operating system. The new update fixes... Read more
Project Zero discloses an active exploited Windows 10 vulnerability
Google’s project zero announced that hackers have been exploiting an active Windows 10 zero-day that is not likely to be patched soon. The patch will probably arrive in two weeks. Google’s longstanding policy about vulnerability involves giving Microsoft a seven-day deadline to fix the flaw, wh... Read more
Google Project Zero now waits 90 days with announcing vulnerability
From now on, software developers no longer have to fear that their users will have too little time to carry out an update that resolves a vulnerability. From now on, Google Project Zero will use a fixed number of days (ninety) before it reports that a defect has been found.
Previously, Project Z... Read more
Google Project Zero: slow patches Linux are dangerous for users
The developers of Ubuntu and Debian receive a warning from Googles Project Zero. Project Zero researcher Jann Horn, who found the Meltdown and Spectre bugs, calls on them to update their Linux distros more quickly. Otherwise, users will be exposed to threats for an unnecessarily long time.
According... Read more