Zero Days In-the-Wild Series (CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, CVE-2020-1027)

On January 12, 2021, Google Project Zero published a six-part report on hacking operation targeted for Windows and Android devices. Exploit servers in the hacking operation contained 4 Google chrome vulnerabilities, 2 sandbox escape exploits and publicly known privilege escalation n-day exploits. Of these, 4 were still zero-day at the time of its discovery. Following … Continue reading “Zero Days In-the-Wild Series (CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, CVE-2020-1027)”

AES-GCM bug in the firmware of Google’s Titan M chip (CVE-2019-9465)

Summary: An android bug was observed in Google’s Android smartphones, using the Titan M chip through the Android Keystore API for AES-GCM in a specific way lead to predictable and bogus ciphertext. Description: Android Keystore, StrongBox and the Titan M chip are the key components that leads to this bug’s discovery. The Android Keystore is … Continue reading “AES-GCM bug in the firmware of Google’s Titan M chip (CVE-2019-9465)”

BlueBorne: Bluetooth Attack Vector

A new attack vector called ‘BlueBorne‘ has been discovered. The name is a play on the word ‘airborne’ as it allows attackers to take over devices on air-gapped networks. This attack was disclosed by Armis Lab. The vulnerabilities exploited by this attack affects Android, Linux, Windows, and iOS version less than 10. Targets can be compromised regardless of the … Continue reading “BlueBorne: Bluetooth Attack Vector”