all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit

Add to bookmarks
g
Oct. 13, 2023, 10:47 a.m. | noreply@blogger.com (Google Project Zero)

Project Zero googleprojectzero.blogspot.com

By Ian Beer



A graph representation of the sandbox escape NSExpression payload



In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205.



Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process …

amnesty amnesty international analysis apple april attacks collaboration escape exploit exploit chain google gpu graph ian international ios iphone link malicious malicious link payload process representation safari sandbox sandbox escape targeted attacks threat threat analysis threat analysis group under zero-day zero-day exploit

Visit resource

More from googleprojectzero.blogspot.com / Project Zero

Pr
The Windows Registry Adventure #2: A brief history of the feature 1 week, 2 days ago | googleprojectzero.blogspot.com
database feature google google project zero +13
Pr
The Windows Registry Adventure #1: Introduction and research results 1 week, 2 days ago | googleprojectzero.blogspot.com
bugs december december 2023 escalation +22
Pr
First handset with MTE on the market 5 months, 3 weeks ago | googleprojectzero.blogspot.com
arm back brand device +12
Pr
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit 6 months, 2 weeks ago | googleprojectzero.blogspot.com
amnesty amnesty international analysis apple +29
Pr
Analyzing a Modern In-the-wild Android Exploit 7 months, 1 week ago | googleprojectzero.blogspot.com
actor analysis android android devices +19
Pr
Summary: MTE As Implemented 8 months, 3 weeks ago | googleprojectzero.blogspot.com
access arm blog blog post +13
Pr
MTE As Implemented, Part 1: Implementation Testing 8 months, 3 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +12
Pr
MTE As Implemented, Part 3: The Kernel 8 months, 3 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +11
Pr
MTE As Implemented, Part 2: Mitigation Case Studies 8 months, 3 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs