The Project Zero team today announced an updated vulnerability disclosure policy for 2021. It follows changes made last year to better address perennial concerns from the broader security community.
project zero Stories April 15
project zero Stories July 22, 2020
Apple today launched a Security Research Device Program to help third parties find iPhone and iPad vulnerabilities. Google’s Project Zero team says its won’t be able to use the modified iOS devices because the program imposes restrictions that prevent 90-day disclosures.
project zero Stories May 8, 2020
Samsung patches security vulnerability impacting all Galaxy phones sold since 2014
Android gets a lot of flak for security, but most of the time errors can be traced back to changes that were made to the open-source platform. This week, a security vulnerability in every Android phone Samsung has sold since 2014 was patched after being exposed by Google’s Project Zero.
project zero Stories February 14, 2020
Being the biggest Android OEM, Samsung and Google are generally close partners. Google’s Project Zero, though, is tasked with finding bugs and security exploits. This week, Google is calling out Samsung for an issue on the Galaxy A50, specifically mentioning Samsung’s “unnecessary changes” to Android’s core kernel.
project zero Stories January 7, 2020
Project Zero is widely regarded for finding major vulnerabilities, but criticized by industry peers for their relatively fast disclosure times. For 2020, the security team is trialing a new policy where a full 90 days will be given before disclosing issues.
project zero Stories September 6, 2019
Google stands by iOS vulnerability research following Apple rebuttal
Apple today released a rebuttal to the security vulnerabilities that Google detailed in depth last week and called it “one of the largest attacks against iPhone users ever.” The iOS maker took issue with several key points, but Google is standing by its works.
project zero Stories July 4, 2019
Google’s Project Zero reveals now-fixed iMessage flaw which could crash iPhones
Google’s Project Zero often discovers flaws in the software of other companies and gives 90 days for those flaws to be fixed before revealing them to the public. Today, Google has taken the wraps off of a flaw with Apple’s iMessage which would cause iPhones to repeatedly crash. Thankfully, Apple has already fixed it.
project zero Stories March 4, 2019
Google Project Zero team reveals ‘high severity’ flaw in macOS kernel, working w/ Apple on a patch
Google’s Project Zero team is well-known for revealing the bugs and security flaws within systems from Google itself, as well as other big companies. Most recently, the team at Google has reported and publicly disclosed a “high severity” flaw in the macOS kernel which can grant an attacker access to a users computer without their knowledge.
project zero Stories January 3, 2018
Over the past 24 hours, the tech industry has been rocked by a wide-ranging CPU vulnerability. Discovered by Google’s Project Zero security team last year, details of the exploits have now officially emerged. Meanwhile, Google has provided a full list of mitigation status for its products from Android to enterprise services.
project zero Stories September 14, 2016
Google has made a big push for security over the past couple of years, and a big part of that has been beefing up Android security and pushing out fixes for vulnerabilities on a regular basis. We’ve seen that in Google’s monthly Android security updates, which have been relatively successful so far with some OEMs keeping devices somewhat up to date. Now the company is introducing another method to find Android vulnerabilities, a hacking contest by Project Zero…
project zero Stories February 16, 2015
Google announced its Project Zero initiative in the middle part of last year, and now the Mountain View company is making some amendments to the rules for disclosure of bugs it finds in vendors’ software. There has been a 90-day deadline in place since the launch of the program, and that seems to be working well according to a post on the Project Zero blog, but the company says that it has taken into consideration “external feedback around some of the corner cases” and made some changes. expand full story
project zero Stories December 12, 2014
Today’s sketchy Samsung Galaxy S6 leak is almost surely bogus
We saw the supposed Samsung Galaxy S6 leak this morning, but we just weren’t convinced of its legitimacy enough to even show it to you as a sketchy rumor. It’s a good thing we didn’t, because a new report from Faryaab Sheikh–a very reliable source in the world of Samsung rumors–says this morning that he has received separate confirmation from many sources saying that the picture is definitely not a Galaxy S6 prototype.
project zero Stories July 15, 2014
Google today announced a new initiative it is calling “Project Zero,” a broad attempt at reducing the number of internet users that are harmed every day by a variety of different types of targeted attacks. Google believes that everyone should be able to use the internet without constant worry that attackers might use software vulnerabilities nefariously, and due to that, the Mountain View corporation has assembled a team of experienced security researchers to help improve security across the internet.
