Dissecting NSO's BLASTPASS: A Zero-Click iOS Exploit

2025-03-27

Ian Beer of Google Project Zero details the analysis of NSO Group's BLASTPASS iMessage exploit. This zero-click attack chain leveraged a maliciously crafted WebP image, disguised as a PassKit attachment, to bypass the iMessage sandbox. By exploiting a Huffman coding vulnerability in the lossless WebP format, the attackers triggered memory corruption. A sophisticated 5.5MB bplist heap groom embedded in a MakerNote EXIF tag facilitated the memory overwrite during TIFF image rendering, which in turn triggered the destructor of a forged CFReadStream and executed malicious code. The attack chained vulnerabilities in ImageIO and Wallet, bypassing the BlastDoor sandbox and Pointer Authentication Codes (PAC). HomeKit traffic may have been used for ASLR disclosure. The analysis reveals the complex techniques involved and highlights the need for robust sandbox mechanisms and a reduced remote attack surface.

Multiple Vulnerabilities in Qualcomm DSP Driver Raise Security Concerns

2024-12-16

Google's Project Zero team discovered six vulnerabilities in a Qualcomm DSP driver, one of which was exploited in the wild. The flaws were identified through analysis of kernel panic logs provided by Amnesty International, without access to the exploit sample itself. A subsequent code review uncovered multiple memory corruption vulnerabilities, including use-after-free bugs and refcount leaks. The attacker likely combined these vulnerabilities with heap spraying of inotify_event_info objects to achieve code execution. This highlights the critical need for improved security in Android's third-party drivers.
