What gloomy genius at #GoogleProjectZero decided to embed images directly into the Atom feed?

$ curl -s --head https://projectzero.google/feed.xml | grep content-length
content-length: 17723364

More than 16 megabytes just to refresh the publication feed...

Google's Project Zero: where they defeat advanced security measures by doing absolutely 🤷 nothing. Apparently, the best way to crack #KASLR is to sit back and let the linear mapping do it for you. Who knew hacking could be so chill? 🍹🔓
https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html #GoogleProjectZero #HackingChill #CyberSecurity #LinearMapping #HackerNews #ngated
Defeating KASLR by Doing Nothing at All

  Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I ...

I’m looking for a feed that aggregates recent reverse engineering and vulnerability-centric security writeups, like the ones posted by Google Project Zero. I know there are many different security firms and academics that post these kinds of articles now and then, but I’m having a hard time with discovery as every news site or feed I find is focused on cybersecurity threats and CVEs, or simply just malware actor reports.

Does anyone have something that fits the bill?
#reverseengineering #googleprojectzero #projectzero #vulnerability #vulnerability_research

#GoogleProjectZero: Driving forward in Android drivers

Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases carry the potential to compromise a significant segment of Android phones. There are recent public examples of third-party drivers containing serious vulnerabilities that are exploited on Android. While there exists a well-established body of public (and In-the-Wild) security research on Android GPU drivers, other chipset components may not be as frequently audited so this research sought to explore those drivers in greater detail.

#Security

#GoogleProjectZero: Address Sanitizer for Bare-metal Firmware

To provide custom implementations for the necessary runtime routines, the Clang toolchain exposes an interface for address sanitization through the -fsanitize=kernel-address compiler option. The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren’t supported by default with -fsanitize=address. We'll demonstrate how to use the version of address sanitizer originally built for the kernel on other bare-metal targets.

https://github.com/androidoffsec/baremetal_kasan

#OsDev #Security

Security update for Safari supports older macOS versions
Apple has released an important update for the Safari web browser. This update aims to protect users of older macOS versions from current …
https://www.apfeltalk.de/magazin/news/sicherheitsupdate-fuer-safari-unterstuetzt-aeltere-macos-versionen/
#Mac #News #MacOSMonterey #MacOSVentura #Softwareaktualisierung #WebRTCSchwachstelle #IOS1677 #NickGalloway #Apple #GoogleProjectZero #Safari #Sicherheitsupdate
Security update for Safari supports older macOS versions

The latest Safari update closes a critical security vulnerability and protects users of older macOS versions.

Apfeltalk Magazin

#GoogleProjectZero: First handset with MTE on the market

Since I first heard about ARM's Memory Tagging Extensions, I've said (to far too many people at this point to be able to back out…) that I'd immediately switch to the first available device that supported this feature. It's been a long wait (since late 2017) but with the release of the new Pixel 8 / Pixel 8 Pro handsets, there's finally a production handset that allows you to enable MTE!

#security #arm #mte

Analyzing a Modern In-the-wild Android Exploit
An interesting analysis of an actually exploited vulnerability chain in Android.

#security #android #GoogleProjectZero

#GoogleProjectZero: MTE (ARM Memory Tagging Extensions) As Implemented

  • Intro
  • Part 1: Implementation Testing. An objective summary of the tests performed, and some basic analysis. If you're interested in implementing a mitigation based on MTE, you should read this document first as it will give you more detailed technical background.
  • Part 2: Mitigation Case Studies. A subjective assessment of the impact of various mitigation approaches based on the use of MTE in various user-mode contexts, based on our experiences during the tests performed in Part 1. If you're not interested in implementing a mitigation based on MTE, but you are interested in the limits of how effective such a mitigation might be, you can skip Part 1 and start here.
  • Part 3: The Kernel. A subjective assessment of the additional issues faced in using MTE for a kernel-mode mitigation.

#security #arm #mte #cpp

If I drove one of the latest #Volkswagen models (including #Audi #Seat #Skoda #Porsche and more), I would be a little bit worried.
Usually in this kind of electronics the Volkswagen brands use the same or similar base tech stack.

I hope they got faster in their defect fixing and roll out.

I would like to know which models are affected as of now.

https://www.sammobile.com/news/three-new-samsung-exynos-automotive-chips-launched-volkswagen/

#ExynosModem #Samsung #GoogleProjectZero #ZeroDayExploit #CVE-2023-24033

Samsung launches three new automotive chips, Exynos V7 being used by Volkswagen

Samsung has unveiled three new chips for automobiles: Exynos Auto V7, Exynos Auto T5123, and S2VPS01 Power IC. The Exynos ...

SamMobile