Project Zero
Latest
Researchers call NSO zero-click iPhone exploit 'incredible and terrifying'
Google researchers have described NSO Group's zero-click exploit used to hack Apple devices as 'incredible and terrifying.'
Google's Project Zero will wait longer before disclosing security flaws
Google's Project Zero security team will wait an extra 30 days before disclosing vulnerability details so end-users have enough time to patch software.
iPhone exploit gave hackers control over WiFi without your input
Apple recently fixed an iOS exploit that let intruders control your phone over WiFi without any interaction on your part.
Google's new policy gives developers more time to address security flaws
Google's Project Zero disclosure program is supposed to encourage releases of security fixes in a timely fashion, but things haven't gone according to plan. Premature disclosures, half-hearted fixes and other issues have been a little too common. The company might address some of those problems in 2020, though. It recently revised its policies in a bid to encourage both more "thorough" security patches and wider adoption of those patches. Most notably, Google will wait 90 days to disclose a flaw even if it's fixed well ahead of that deadline. If developers act quickly, they'll have more time to both distribute patches and make sure that fixes address the root cause of a flaw.
LastPass patched a bug that could have exposed your passwords
If you use LastPass to manage your passwords, now would be a good time to make sure you're running the latest version, 4.33.0. As Gizmodo reports, LastPass recently patched a bug that could have been used to compromise users' security credentials. The patch should have arrived automatically, but as a precaution, it's worth making sure you're running the September 12th update.
Google discloses 'high severity' Mac security flaw ahead of patch
Google's Project Zero security disclosure program is once again proving to be a double-edged sword. The company has detailed a "high severity" macOS kernel flaw that lets people modify a user-mounted file system image without the virtual management subsystem being any the wiser, theoretically letting an attacker go unnoticed by users. Apple is working on a patch, but the disclosure ahead of the fix could leave Mac users vulnerable until it's ready.
Daily Roundup: The future of HoloLens, VR at Sundance and more!
Can Microsoft deliver on its ambitious HoloLens project? Meanwhile, filmmaker Shari Frilot brings virtual reality to Sundance and Google starts disclosing unpatched security issues in OS X. Get caught up on today's technology news in the Daily Roundup.