This is how the ecosystem improves! Kudos to the Graphene team!
What is in the dumped memory (for CVE-2024-29745 )?
Can the device encryption keys be extracted from this ? Or is it more random data?
Any chance we’ll be able to use these to gain root on a Pixel without unlocking the bootloader?
Interestingly, GrapheneOS isn’t secure enough for Niantic games
explain?
Niantic doesn’t consider it secure enough due to the Google Play Store security check only being Basic not Strong
Well that’s mildly disappointing. Been on GrapheneOS for a while and been considering picking up Pokemon Go just to get out and about more.
@deFrisselle @ForgottenFlux Perhaps #GrapheneOS (and other #custom-rom) is too secure? Because it prevents surveillance. Just thinking. 😉
Really annoyed by the term “zero day” being used for every kind of exploit now.
Everything in English speaking culture has to be either the best or the worst, every statement hyperbolized. It’s not just an exploit it’s a ZERO DAY OMG.
disclosed active exploitation
So, not a fucking zero day.
disclosed active exploitation
So, not a fucking zero day.
I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?
No.
A zero day is an exploit that has been identified by someone but not yet used. Zero days in use/disclosed.
Reporting should use the term “zero day” in the context of discovery when it is first used, not something that is in regular use by fucking forensics.
A zero day is an exploit that has been identified by someone but not yet used.
I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.
It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.
Yeah… Unless Gen Z changed it, from 2008 to 2017 (when I got out of infosec) a 0day was an exploit that the vendor didn’t know about, and that only a few people knew about (otherwise it would be quickly known about by the vendor.)
I don’t know what @mrsemi@lemmy.world is on about, or who is upvoting them, but that would mean it’s no longer a 0day once you’ve discovered and made your own exploit for the vulnerability.
From wikipedia (still current to our definition, so I assume Gen Z hasn’t changed it):
A zero-day (also known as a 0-day) is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it.[1] Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.
I was so excited to see zero-day in the title, and then I was disappointed that zero-day was in the title.
It can be a zero click 🫣
I hate talking like a zoomer, but damn it, Graphene is the GOAT, as usual
Friendly reminder GrapheneOS relies on donations from those who realize the value it provides! https://grapheneos.org/donate
