352

Google fixes two Pixel zero-day flaws exploited by forensics firms. GrapheneOS discovered and reported these flaws.(www.bleepingcomputer.com)

posted
by
Avatar
ForgottenFlux@lemmy.world
in
Avatar
privacyguides@lemmy.one
17 comments
hidereport

More Information: GrapheneOS Mastodon account

Sort:
HotTopControversialNewOld
Avatar
NoStepOnPython@lemmy.ml
42 points

Friendly reminder GrapheneOS relies on donations from those who realize the value it provides! https://grapheneos.org/donate

permalink
report
reply
Avatar
Mr. Semi@lemmy.world
26 points
*
Deleted by creator
permalink
report
reply
Avatar
booly@sh.itjust.works
7 points
*

disclosed active exploitation

So, not a fucking zero day.

I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?

permalink
report
parent
reply
Avatar
Mr. Semi@lemmy.world
13 points
*
Deleted by creator
permalink
report
parent
reply
Avatar
booly@sh.itjust.works
7 points

A zero day is an exploit that has been identified by someone but not yet used.

I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.

It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.

permalink
report
parent
reply
Show more comments
Avatar
brakebreaker101@lemmy.world
5 points

I was so excited to see zero-day in the title, and then I was disappointed that zero-day was in the title.

permalink
report
parent
reply
Avatar
Gooey0210@sh.itjust.works
3 points

It can be a zero click 🫣

permalink
report
parent
reply
Avatar
deFrisselle@lemmy.sdf.org
20 points

Interestingly, GrapheneOS isn’t secure enough for Niantic games

permalink
report
reply
Avatar
Christoph Schmees@social.tchncs.de
11 points
Removed by mod
permalink
report
parent
reply
Avatar
hash@lemmy.world
9 points

Well that’s mildly disappointing. Been on GrapheneOS for a while and been considering picking up Pokemon Go just to get out and about more.

permalink
report
parent
reply
Avatar
deFrisselle@lemmy.sdf.org
1 point

Pokemon Go works for now Ingress is a no go Not sure about the other Niatic games

permalink
report
parent
reply
Avatar
Scolding0513@sh.itjust.works
2 points

explain?

permalink
report
parent
reply
Avatar
deFrisselle@lemmy.sdf.org
2 points

Niantic doesn’t consider it secure enough due to the Google Play Store security check only being Basic not Strong

permalink
report
parent
reply
Avatar
ninchuka@lemmy.oneM
1 point

thats google safety net which only allows apps that use that check to be installed on google verified OS’s which graphene cant become

permalink
report
parent
reply
Avatar
Scolding0513@sh.itjust.works
18 points

I hate talking like a zoomer, but damn it, Graphene is the GOAT, as usual

permalink
report
reply
Avatar
xycu@programming.dev
1 point

The acronym GOAT has been around since well before those zoomers were born, probably before most of their parents were born, so don’t feel too embarrassed!

permalink
report
parent
reply
Avatar
jet@hackertalks.com
18 points

This is how the ecosystem improves! Kudos to the Graphene team!

permalink
report
reply

Privacy Guides

!privacyguides@lemmy.one

Create post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…

Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

Community stats

  • 594

    Monthly active users

  • 628

    Posts

  • 10K

    Comments

Community moderators