Samuel Groß

@5aelo

Works at Google Project Zero. Personal account.

Zürich, Switzerland
Joined May 2013

Tweets


  1. Pinned Tweet
    Jan 9

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  2. Jan 9

    The README and various code comments hopefully also help explain how the PoC exploit works: and also

  3. Retweeted
    Jan 7

    At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes):

  4. 27 Dec 2019
  5. 27 Dec 2019

    My talk on iMessage exploitation () starts in two hours. You can watch it in room Ada or on

  6. 19 Nov 2019

    I'm very excited to talk iMessage exploitation at this year: . See you there hopefully!

  7. 27 Oct 2019

    Today is the 3rd anniversary of "Attacking JavaScript Engines". Not a lot has changed, but I tried to briefly summarize the things that did: It's been a few months since my last interactions with JSC though, so any corrections/additions are very welcome :)

  8. Retweeted
    3 Oct 2019

    Kernel privilege escalation bug in Android affecting fully patched Pixel 2 & others. Reported under a 7-day deadline due to evidence of an in-the-wild exploit. and I quickly wrote a POC to get arbitrary kernel r/w using this bug, released in the tracker.

  9. Retweeted

    NEW REPORT: Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits

  10. 16 Sep 2019

    Short writeup for the "Dezhou Instrumentz" (iOS pwnable) challenge from qualifier this weekend: very cool CTF (again), thanks ! =)

  11. 14 Sep 2019

    Very fun challenge indeed, thanks for preparing it! :)

  12. 13 Sep 2019

    We also suggested further hardening measures based on the PoC exploit I wrote and hope to see some of them implemented in the future. I think in particular ASLR could be made much stronger on that attack surface

  13. 13 Sep 2019

    After looking at iOS 12.4.1 I'm happy to say that Apple has hardened iMessage by no longer allowing child classes during its NSUnarchiving (context: ). This prevents almost all of the vulnerabilities and I found from being remotely exploited :)

  14. Retweeted
    2 Sep 2019

    Contrary to some commentary, Project Zero's long form blogs are based on deep technical research into 0-days and novel exploitation, not a commentary on target populations or the wider threat space. Specifically though in this case (and as a one-off), I can tell you that...

  15. Retweeted
    31 Aug 2019

    Having spent most of this week editing a 184-page “blogbook”, I’d like to highlight three things so they don’t get missed: 1. 's JSC exploit piece () on patch gapping and n-day bugs being used as an easy way to score 0-day-like capabilities

  16. 30 Aug 2019

    Some of my takeaways from analyzing the browser exploits: - mostly known techniques/bug classes - attackers likely exploited a patch gapping issue for some of the vulnerabilities - no PAC bypass, but keep in mind the last exploit was from January

  17. Retweeted
    29 Aug 2019

    thanks to , for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.

  18. 9 Aug 2019

    In case you missed 's talk at this week, here is a video showing a remote exploit for one of the iMessage bugs we found: Be sure to read if you are interested in these kinds of attacks!

  19. Retweeted

    Today, and I unrestricted five bugs in iMessage! Here are some highlights:

  20. 23 Jul 2019

    Fuzzilli finally has a decent type system: this should simplify tuning fuzzilli to target (or omit) specific builtins, methods, or properties and should improve the correctness rate a bit as well. Will also hopefully enable more cool stuff in the future =)

