Natalie Silvanovich

Tamagotchi hacker. Google Project Zero. she/her

Ivan Fratric shares some tips and tricks for grammar fuzzing

https://projectzero.google/2026/03/mutational-grammar-fuzzing.html

On the Effectiveness of Mutational Grammar Fuzzing

Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar t...

Our intrepid 20%-er @dillonfranke exploited a vulnerability in CoreAudio. See his process for gaining privilege escalation on a Mac:

https://projectzero.google/2026/01/sound-barrier-2.html

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 - Project Zero

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-...

Make sure to check out the full series here: https://projectzero.google/2026/01/pixel-0-click-part-1.html
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...

Supply-chain issues also played a role: both vulnerabilities were patched very slowly, due to a variety of factors including bug prioritization, licensing and communication between vendors.

Attack surface reduction is also important: the UDC is largely used by commercial media like TV shows, and most devices don’t even have an encoder.

Does it really need to be 0-click?

IMO, the biggest takeaway from this research is the huge promise shown by memory mitigations, both hardware and software, in protecting users against 0-days.

We hope this flag makes it out of Clang experimental, and more vendors start using it!

https://clang.llvm.org/docs/BoundsSafety.html

-fbounds-safety: Enforcing bounds safety for C — Clang 23.0.0git documentation

Remarkably, iOS also integrates the UDC in a 1-click context, but this bug is not exploitable, because the codec is compiled with -fbounds-safety, which inserted bounds checking instructions, making the bug unreachable.