Posted
by
Soulskill
MojoKid writes:
Going
on a bug hunt might not sound like the most exciting thing in the
world, but for Project Zero, the name for a team of security analysts
tasked by Google with finding zero-day exploits, a good old fashioned
bug hunt is both exhilarating and productive.
As a result of Project
Zero's efforts to root out security flaws in Samsung's Galaxy S6 Edge device
(and by association, likely the entire Galaxy S6 line), owners are now
more secure.
The team gave themselves a week to root out
vulnerabilities, and to keep everyone sharp, the researchers made a
contest out of it pitting the North American and European participants
against each other.
Their efforts resulted in the discovery of 11 vulnerabilities, the "most interesting" of which was CVE-2015-7888.
It's a directory traversal bug that allows a file to be written as a
system. Project Zero said it was trivially exploitable, though it's also
one of several that Samsung has since fixed.
No comments:
Post a Comment
Spammers, stay out. Only political and video game discussion here.