Sabitlenmiş Tweet
The slides for my Black Hat talk "XMPP Stanza Smuggling or How I Hacked Zoom" are now available at #xmpp-stanza-smuggling-or-how-i-hacked-zoom-26618" target="_blank" rel="nofollow noopener">blackhat.com/us-22/briefing…
English
Ivan Fratric 💙💛
1.2K posts
Ivan Fratric 💙💛
@ifsecure
Tech lead and security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
Katılım Ağustos 2011
208 Takip Edilen18.8K Takipçiler
Ivan Fratric 💙💛 retweetledi
Just derestricted a now-fixed kernel bug in Pixel 10. I think this ranks as the most easily exploited kernel bug of all time😬
Thanks to @tehjh for collab'ing on this driver and full credits for noticing this bug in the first 5 minutes of auditing😂
project-zero.issues.chromium.org/issues/4634382…
English
@cl4sm Yes, exactly, coverage is poor aproximation for state. I don't think better state approximation and mutational fuzzing are mutually exclusive, mutational fuzzer benefits from better state.
English
@ifsecure Cool blog! The first problem feels like an issue with coverage being a poor approx. for program state. But approaches like IJON haven’t seen much success AFAIK in the real world. Do you think prob 1 gets fixed with better state approx or is the mutational fuzzer still needed?
English
I wrote a short blogpost on the quirks of grammar fuzzing (and, more generally, structure-aware fuzzing) and a simple trick I used to get more bugs out of it more quickly. projectzero.google/2026/03/mutati…
English
Jackalope and Tinyinst have been working on arm64 macs for a while, but now you should also be able to run against arm64e binaries (i.e. binaries that ship with the os) with some modification to the system. For details, see github.com/googleprojectz…
English
Ivan Fratric 💙💛 retweetledi
In the final part of his blog series, @tiraniddo tells the story of how a bug was introduced into a Windows API.
Code re-writes can improve security, but it’s important not to forget the security properties the code needs to enforce in the process.
projectzero.google/2026/02/gphfh-…
English
How a single feature was responsible for 5 Windows Administrator Protection bypasses, in a new Project Zero blog post by @tiraniddo
Natalie Silvanovich@natashenka
Part 2 of @tiraniddo’s Windows Administrator Protection journey is here! projectzero.google/2026/02/window…
English
Ivan Fratric 💙💛 retweetledi
Part 2 of @tiraniddo’s Windows Administrator Protection journey is here!
projectzero.google/2026/02/window…
English
New Project Zero blogpost by @dillon_franke on exploiting a coreaudiod bug on macOS. Quite a journey with a lot of unexpected roadblocks and how Dillon pulled it off in the end. projectzero.google/2026/01/sound-…
English
Windows Administrator Protection is set to replace UAC, but as a supported security boundary. James Forshaw breaks it down in a new Project Zero blogpost. The blogpost features a tricky bypass that leverages multiple subtle Windows kernel quirks.
Natalie Silvanovich@natashenka
No security feature is perfect. @tiraniddo reviewed Windows’ new Administrator Protection and found several bypasses. projectzero.google/2026/26/window…
English
New Project Zero blogpost series describing a 0-click exploit chain targeting Pixel 9, featuring a Dolby decoder bug spotted by yours truly.
Natalie Silvanovich@natashenka
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices. projectzero.google/2026/01/pixel-…
English
Ivan Fratric 💙💛 retweetledi
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.
projectzero.google/2026/01/pixel-…
English
Project Zero has a new blog at projectzero.google and boy, do we have some some great content in store. For now, you can read two never published drafts as well as a guest post from Benoît from Threat Intelligence Group with an indepth analysis of an Android 0click exploit.
English
Ivan Fratric 💙💛 retweetledi
We launched a redesigned Project Zero website today at projectzero.google !
To mark the occasion, we released some older posts that never quite made it out of drafts.
Enjoy!
English
Ivan Fratric 💙💛 retweetledi
📢📢📢 Our Patch Rewards Program rules were updated to explicitly encourage batched submissions, and place every Google-filed OSS vulnerability explicitly into scope (thanks for your feedback).
Interested in getting rewarded for your awesome OSS security work? g.co/prp
English
Ivan Fratric 💙💛 retweetledi
An analysis of a recent 0-click exploit targeting Samsung devices:
googleprojectzero.blogspot.com/2025/12/a-look…
English
v8 heap sandbox just got harder.
Samuel Groß@5aelo
V8 now has a JS bytecode verifier! IMO a good example for the benefits of a sandbox architecture: - Hard: verify that bytecode is correct (no memory corruption) - Easier: verify that it's secure (no out-of-sandbox memory corruption) Basically separates correctness from security
English
Ivan Fratric 💙💛 retweetledi
V8 now has a JS bytecode verifier!
IMO a good example for the benefits of a sandbox architecture:
- Hard: verify that bytecode is correct (no memory corruption)
- Easier: verify that it's secure (no out-of-sandbox memory corruption)
Basically separates correctness from security
English
Ivan Fratric 💙💛 retweetledi
We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: issuetracker.google.com/issues?q=compo…
All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!
English
Ivan Fratric 💙💛 retweetledi
WhatsApp Android: Contact gating bypass in groups, leading to interactionless media download project-zero.issues.chromium.org/issues/4424259…
English
Ivan Fratric 💙💛 retweetledi
[POC2025] Talks are now UP ONLINE!
Talks from #POC2025 are now publicly available on YouTube!
Enjoy the sessions - see you again at POC2026!
@pocsecurity" target="_blank" rel="nofollow noopener">youtube.com/@pocsecurity
English