Found 12 bookmarks
Custom sorting
The curious tale of a fake Carrier.app
The curious tale of a fake Carrier.app
Although this looks like the real My Vodafone carrier app available in the App Store, it didn't come from the App Store and is not the real application from Vodafone. TAG suspects that a target receives a link to this app in an SMS, after the attacker asks the carrier to disable the target's mobile data connection. The SMS claims that in order to restore mobile data connectivity, the target must install the carrier app and includes a link to download and install this fake app.
#googleprojectzero#EN#2022#Hermit#ios#CVE-2021-30983#Vodafone#rcslab
·googleprojectzero.blogspot.com·
The curious tale of a fake Carrier.app
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.
#googleprojectzero#EN#2022#0-day#Safari#CVE-2022-22620#Apple
·googleprojectzero.blogspot.com·
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
The curious tale of a fake Carrier.app
The curious tale of a fake Carrier.app
Although this looks like the real My Vodafone carrier app available in the App Store, it didn't come from the App Store and is not the real application from Vodafone. TAG suspects that a target receives a link to this app in an SMS, after the attacker asks the carrier to disable the target's mobile data connection. The SMS claims that in order to restore mobile data connectivity, the target must install the carrier app and includes a link to download and install this fake app.
#googleprojectzero#EN#2022#Hermit#ios#CVE-2021-30983#Vodafone#rcslab
·googleprojectzero.blogspot.com·
The curious tale of a fake Carrier.app
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.
#googleprojectzero#EN#2022#0-day#Safari#CVE-2022-22620#Apple
·googleprojectzero.blogspot.com·
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
The curious tale of a fake Carrier.app
The curious tale of a fake Carrier.app
Although this looks like the real My Vodafone carrier app available in the App Store, it didn't come from the App Store and is not the real application from Vodafone. TAG suspects that a target receives a link to this app in an SMS, after the attacker asks the carrier to disable the target's mobile data connection. The SMS claims that in order to restore mobile data connectivity, the target must install the carrier app and includes a link to download and install this fake app.
#googleprojectzero#EN#2022#Hermit#ios#CVE-2021-30983#Vodafone#rcslab
·googleprojectzero.blogspot.com·
The curious tale of a fake Carrier.app
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.
#googleprojectzero#EN#2022#0-day#Safari#CVE-2022-22620#Apple
·googleprojectzero.blogspot.com·
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day