UBUNTU-CVE-2018-9264

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...

ALPINE-CVE-2018-9264

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...

CVE-2017-5947

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download EDL mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as...

Debugging Tool Left on OnePlus Phones, Enables Root Access

UPDATE Chinese phone maker OnePlus is accused of leaving a debugging app on its phones capable of giving adversaries root access to the devices. The application in question is called EngineerMode and is made by Qualcomm. An anonymous researcher who goes by the handle Elliot Alderson, a character ...

Multiple Lenovo VIBE phones elevation of privilege vulnerability

Android 6.0 Marshmallow is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA in the U.S. The Lenovo A2010-a and other smartphone products from China's Lenovo use the Android 6.0 Marshmallow operating system. The Lenovo A2010-a is a smartphone from...

Multiple Lenovo VIBE phones privilege access vulnerability

Android 6.0 Marshmallow is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA in the U.S. The Lenovo A2010-a and other smartphone products from China's Lenovo use the Android 6.0 Marshmallow operating system. The Lenovo A2010-a is a smartphone from...

CVE-2017-3749

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750...

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

Google Patches Android 'Custom Boot Mode' Vulnerability

A high-risk Android custom boot mode vulnerability was one of many bugs patched by Google as part of its January Android Security Bulletin released earlier this week. On Thursday, the IBM security team that discovered the vulnerability disclosed details about the flaw which leaves Nexus 6 and 6P...

CVE-2016-3876

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...

UBUNTU-CVE-2016-3876

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...

Malware-Laced Porn Apps Behind Wave of Android Lockscreen Attacks

Incidents of Android lockscreen malware masquerading as porn apps are a growing concern to security analysts who are forecasting an uptick in attacks. Once infected, Android users bitten by this malware appear to be locked out of their device and are forced to undergo a complex extraction of the...

Malicious APK Injection Vulnerability on Android Backup and Restore Processing

Android is a free and open-source Linux-based operating system for mobile devices such as smartphones and tablets, led and developed by Google Inc. and the Open Handset Alliance. Android handles system backups and then restores with a security vulnerability that allows an attacker to inject a...

Google Android 'bindBackupAgent()' function remote code execution vulnerability

Android is an operating system based on the Linux open kernel and is a mobile operating system announced on November 5, 2007 by Google Inc. Android version 4.4.4 suffers from an elevation of privilege and race condition vulnerability in the backup agent implementation. An attacker with access to...

[SECURITY] Fedora 21 Update: android-tools-20141219git8393e50-2.fc21

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

JVN#67792023: Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multipl...

CVE-2014-1909

Integer signedness error in system/core/adb/adbclient.c in Android Debug Bridge ADB for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow...

CVE-2014-1909

Integer signedness error in system/core/adb/adbclient.c in Android Debug Bridge ADB for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow...

DEBIAN-CVE-2014-1909

Integer signedness error in system/core/adb/adbclient.c in Android Debug Bridge ADB for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow...

CVE-2014-1909

Integer signedness error in system/core/adb/adbclient.c in Android Debug Bridge ADB for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow...