As you may have heard, Whatsapp discovered a security issue in their client which was actively exploited in the wild. The exploit did not require the target to pick up the call which is really scary. Since there are not many facts to go on, lets do some tea reading… The security advisory issued by […]
fuzzing
How Janus Battled libFuzzer and Won (Alessandro Toppi)
Thanks to work initiated by Google Project Zero, fuzzing has become a popular topic within WebRTC since late last year. It was clear WebRTC was lacking in this area. However, the community has shown its strength by giving this topic an immense amount of focus and resolving many issues. In a previous post, we showed […]
Let’s get better at fuzzing in 2019 – here’s how
Fuzzing is a Quality Assurance and security testing technique that provides unexpected, often random data to a program input to try to break it. Natalie Silvanovich from Google’s Project Zero team has had quite some fun fuzzing various different RTP implementations recently. She found vulnerabilities in: WebRTC — mostly issues in the RTP payload Facetime – a […]