We also posted the RCA of CVE-2022-41073. #itw0days googleprojectzero.github.io/0days-in-the-w…

Apple releases iOS 15.7.1 and iPadOS 15.7.1 software updates patching Kernel zero-day CVE-2022-42827 ('An application may be able to execute arbitrary code with kernel privileges'). #itw0days support.apple.com/en-us/HT213490

I saw a new Chrome patch coming, wonder what is it? Nothing @ chromereleases.googleblog.com so far.

Bet on #itw0days ?

In short, a zero-day hacking contest is better reflecting the real-world threat landscape (reducing #itw0days ?), and I hope a contest like #PWN2OWN could help that. :)

One Windows in-the-wild 0-day in today's patch Tues: CVE-2022-24521. Discovered by NSA and Crowdstrike 🔥 #itw0days

msrc.microsoft.com/update-guide/v…

Microsoft patches in-the-wild 0-day in Windows CSRSS: CVE-2022-22047. Kudos to MSTIC and MSRC for discovery. #itw0days

msrc.microsoft.com/update-guide/v…

Maddie Stone Accordingly to your recent post :) - thank you for the shared info and for the #itw0days initiative (if we can say that ^^)

The TAG blog describing the chain is here ⬇️
#itw0days

blog.google/threat-analysi…

Another WebKit zero-day (CVE-2022-42856) apparently exploited in the wild (against 'versions of iOS released before iOS 15.1') #itw0days
Safari: support.apple.com/en-us/HT213537
tvOS: support.apple.com/en-us/HT213535
iOS: support.apple.com/en-us/HT213531
macOS: support.apple.com/en-us/HT213532

RT @[email protected]
First in-the-wild 0-day of 2023 🔥

CVE-2023-21674: Windows ALPC elevation of privilege discovered by Avast

msrc.microsoft.com/update-guide/e…

All 2023 itw 0-days will be tracked here: docs.google.com/spreadsheets/d…

#itw0days
infosec.exchange/@maddiestone/1…

Slides for my 2022 Year in Review presentation at #Zer0Con2023 ! Thank you POC_Crew 👨‍👩‍👦‍👦 for a great conference! #itw0days
github.com/maddiestone/Co…

UnderNews_fr: RT Maddie Stone: 2021 was a wild year for 0-day exploitation detection. 2021 was also full of Google Project Zero & TAG publishing lots of good (in my biased opinion) stuff on 0-day exploits. 🧵ICYMI here they are:

#itw0days

IronHusky APT uses zero-day on Windows servers #MysterySnail #PatchTuesday #itw0days
securelist.com/mysterysnail-a…

✨New RCA up for Chromium 0-day CVE-2022-1096. Patched in March 2022. And it even has a tweetable trigger! #itw0days

style = document.createElement('p').style;
style.prop = { toString: () => {
style.prop = 1;
}};

googleprojectzero.github.io/0days-in-the-w…

Apple's new iOS 16.1 and iPadOS 16 software updates patch Kernel zero-day CVE-2022-42827 ('An application may be able to execute arbitrary code with kernel privileges'). #itw0days support.apple.com/en-us/HT213489

Chrome patches an in-the-wild 0-day: CVE-2023-2136, an integer overflow in Skia. Discovered by clem1 of Google TAG 🎯 #itw0days

Kudos to Chrome on some super quick patching -- 3 days for the RCE, patched on Friday, and 6 days for this sbx escape. 👏🏽

chromereleases.googleblog.com/2023/04/stable…

#itw0days

Apple announces it has patched WebKit type confusion bug CVE-2023-23529 on iOS/iPadOS 16.3.1. “Apple is aware of a report that this issue may have been actively exploited.” #itw0days support.apple.com/en-us/HT213635

Adrian Taylor Maddie Stone clem1 Neel Mehta Samuel Groß Am I the only one that reads #itw0days in this context as 'I two 0-days' like some kind of scout badge or achievement level?

3 in-the-wild 0-days patched in the last two days:
* CVE-2022-2856 in Chrome discovered by Ashley Shen & PewZ of Google TAG
* CVE-2022-32893 in Safari
* CVE-2022-32894 in iOS/macOS kernel

docs.google.com/spreadsheets/d…
#itw0days