
Fuzzing ImageIO - weinzierl
https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html
======
panpanna
So these could result in a no-click 0day on iOS? Thanks, Google, for finding and
reporting these to Apple.

I wonder how often vulnerabilities found by Google Zero were already known and
exploited by hackers without anyone noticing.

I mean, GZ is pretty open about their methodology. It doesn't require a rocket
scientist to duplicate them with different targets.

~~~
nielsbot
If you're talking about state actors, I'd bet real money that they have these
and in fact have an infrastructure that makes finding and exploiting them fast
and easy.

~~~
panpanna
I am not even talking about them, just some regular guy with an interest in computer
security.

Author did this on a Mac mini so no real horsepower required either.

------
randyrand
An important self-realization: every app I install becomes a potential 0-click
remote attack surface. Does disabling notifications at least solve the 0-click
aspect?

