I’m looking for a feed that aggregates recent reverse engineering and vulnerability centric security writeups, like the ones posted by Google project zero. I know there are many different security firms and academics that post these kind of articles now and then, but I’m having a hard time with discovery as every news site or feed I find is focused on cybersecurity threats and CVEs, or simply just malware actor reports.

Does anyone have something that fits the bill?
#reverseengineering #googleprojectzero #projectzero #vulnerability #vulnerability_research

Sicherheitsupdate für Safari unterstützt ältere macOS-Versionen
Apple hat ein wichtiges Update für den Safari Webbrowser herausgegeben. Dieses Update zielt darauf ab, Nutzer:innen älterer macOS-Versionen vor aktuellen Sich
https://www.apfeltalk.de/magazin/news/sicherheitsupdate-fuer-safari-unterstuetzt-aeltere-macos-versionen/
#Mac #News #MacOSMonterey #MacOSVentura #Softwareaktualisierung #WebRTCSchwachstelle #IOS1677 #NickGalloway #Apple #GoogleProjectZero #Safari #Sicherheitsupdate

Project Zero - Mind the Gap

https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html

Поучительная история как минимум о двух аспектах современной индустрии:

• вендоры исправляют отрепорченные уязвимости очень "узко", не посмотрев нет ли проблемного кода вокруг:

Inspired by the description of an in-the-wild vulnerability in low-level memory management code, fellow Project Zero researcher Jann Horn started auditing the ARM Mali GPU driver. Over the next three weeks, Jann found five more exploitable vulnerabilities (2325, 2327, 2331, 2333, 2334).

One of these issues (2334) lead to kernel memory corruption, one (2331) lead to physical memory addresses being disclosed to userspace and the remaining three (2325, 2327, 2333) lead to a physical page use-after-free condition.

• производители конечных устройств просто не внедряют патчи в свои продукты:

In this case we discovered that all of our test devices which used Mali are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins.

The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable. 

Jailbreak für PS4 und PS5 schreitet voran
#Gaming #Jailbreaks #AndyNguyen #GoogleProjectZero #Jailbreak #KernalExploit #Sleirsgoevy #TheFlow #WebkitExploit https://tarnkappe.info/artikel/jailbreaks/jailbreak-fuer-ps4-und-ps5-schreitet-voran-243338.html

Windows Zero-Day Still Circulating After Faulty Fix - The LPE bug could allow an attacker to install programs; view, change, or delete data; or create n... https://threatpost.com/windows-zero-day-circulating-faulty-fix/162610/ #localprivilegeescalation #googleprojectzero #vulnerabilities #cve-2020-17008 #proofofconcept #windowszeroday #cve-2020-0986 #unpatched #badpatch

iPhone Bug Allowed for Complete Device Takeover Over the Air - Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exp... https://threatpost.com/iphone-bug-takeover-over-the-air/161748/ #memorycorruptionbug #googleprojectzero #vulnerabilities #mobilesecurity #threatactors #security #wireless #ianbeer #google #ipados #iphone #update #apple #radio #ipod #ios

Facebook Messenger Bug Allows Spying on Android Users - The company patched a vulnerability that could connected video and audio calls without the knowled... https://threatpost.com/facebook-messenger-bug-spying-android/161435/ #googleprojectzero #vulnerabilities #mobilesecurity #mobiledevices #vulnerability #securitybug #mobileapps #videocalls #voicecalls #messenger #facebook #android #google #spying #apple #flaw

2 More Google Chrome Zero-Days Under Active Exploitation - Browser users are once again being asked to patch severe vulnerabilities that can lead to remote c... https://threatpost.com/2-zero-day-bugs-google-chrome/161160/ #stablechannelrelease #remotecodeexecution #activelyexploited #googleprojectzero #vulnerabilities #remoteattackers #cve-2020-16013 #cve-2020-16017 #zerodayproject #securitybugs #websecurity #freetype #zero-day #browser #windows #chrome #google #apple #linux #patch #mac

Apple Patches Bugs Tied to Previously Identified Zero-Days - The actively exploited vulnerabilities discovered by Project Zero exist across iPhone, iPad and iP... https://threatpost.com/apple-patches-bugs-zero-days/161010/ #zero-dayvulnerabilities #googleprojectzero #vulnerabilities #mobilesecurity #threatactors #security #windows #google #ipados #iphone #apple #ipod #ios

Two Chrome Browser Updates Plugs Holes Actively Targeted by Exploits - Patches for both the Chrome desktop and Android browser address high-severity flaws with known exp... https://threatpost.com/chrome-holes-actively-targeted/160890/ #googlethreatanalysisgroup #remotecodeexecution #securityresearchers #googleprojectzero #vulnerabilities #mobilesecurity #securityupdate #javascript #bugbounty #zero-day #android #browser #chrome #google

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape - Google Project Zero disclosed the bug before a patch becomes available from Microsoft. https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/ #localprivilegeescalation #securityvulnerability #googleprojectzero #vulnerabilities #7-daydisclosure #bufferoverflow #cve-2020-17087 #proofofconcept #sandboxescape #inthewild #windows10 #zero-day #exploit #windows #kernel #crash #ioctl #bug