all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit

Add to bookmarks
g
Oct. 13, 2023, 10:47 a.m. | noreply@blogger.com (Google Project Zero)

Project Zero googleprojectzero.blogspot.com

By Ian Beer



A graph representation of the sandbox escape NSExpression payload



In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205.



Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process …

amnesty amnesty international analysis apple april attacks collaboration escape exploit exploit chain google gpu graph ian international ios iphone link malicious malicious link payload process representation safari sandbox sandbox escape targeted attacks threat threat analysis threat analysis group under zero-day zero-day exploit

Visit resource

More from googleprojectzero.blogspot.com / Project Zero

Pr
The Windows Registry Adventure #2: A brief history of the feature 1 month ago | googleprojectzero.blogspot.com
database feature google google project zero +13
Pr
The Windows Registry Adventure #1: Introduction and research results 1 month ago | googleprojectzero.blogspot.com
bugs december december 2023 escalation +22
Pr
First handset with MTE on the market 6 months, 2 weeks ago | googleprojectzero.blogspot.com
arm back brand device +12
Pr
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit 7 months ago | googleprojectzero.blogspot.com
amnesty amnesty international analysis apple +29
Pr
Analyzing a Modern In-the-wild Android Exploit 7 months, 4 weeks ago | googleprojectzero.blogspot.com
actor analysis android android devices +19
Pr
Summary: MTE As Implemented 9 months, 2 weeks ago | googleprojectzero.blogspot.com
access arm blog blog post +13
Pr
MTE As Implemented, Part 1: Implementation Testing 9 months, 2 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +12
Pr
MTE As Implemented, Part 3: The Kernel 9 months, 2 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +11
Pr
MTE As Implemented, Part 2: Mitigation Case Studies 9 months, 2 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India
View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190
View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal
View on infosec-jobs.com