Google to Acquire GraphicsFuzz

Company which is engaged in the search for vulnerabilities in the graphics drivers for Android
07 August 2018   100

Google acquired the GraphicsFuzz, which is engaged in the search for vulnerabilities in the graphics drivers for Android. The announcement of the purchase appeared on the main page of the site last. The representative of the IT giant also confirmed the completion of the deal, but did not name its value.

The method of driver testing was invented by researchers from the Faculty of Computing Technology at Imperial College London. It includes fuzzing, with which the vulnerability check is performed by the transfer of intentionally incorrect values, as well as a metamorphic technique that confirms the successful or unsuccessful passing of the test. A detailed description of the technology is published on the project website.

So, in April 2018, the GraphicsFuzz team discovered a vulnerability in the Adreno 630 graphics accelerator. It allowed to remotely reset the Samsung Galaxy S9 smartphone with the Snapdragon 845 processor.

The company hopes that the technology will help to find and fix vulnerabilities in GPUs before they are exploited by intruders.

The deal became known on the day of release of the final version of Android 9 Pie. The updated system has acquired the function Adaptive Battery, which uses machine learning to reduce energy consumption.

Sonatype to Create Vulnerability Checker Tool

New tool is called DepShield and available in the "Security" section of the GitHub Marketplace
16 August 2018   111

Sonatype has introduced a tool for developers called DepShield, which checks the code on GitHub for vulnerabilities.

The free version of the service is looking for vulnerabilities in the OSS Index database and gives recommendations on how to fix them. In the commercial version, you can configure automatic fixing of problems. Also in DepShield there are:

  • work with the Apache Maven framework;
  • View a list of known vulnerabilities in GitHub's Issue Tracker;
  • determine the range of versions for each vulnerability.

DepShield
DepShield

DepShield is available in the "Security" section of the GitHub Marketplace.

GitHub has introduced two new features that will help improve security and simplify the recovery of accounts. For this, the company recommends setting a strong password and two-factor authentication.