CVE-2020-25057

CVE-2020-25057 affects LG mobile devices running Android 10, where MDMService does not properly restrict APK installations. This is the core described issue across multiple sources linked to LG’s LVE-SMP-200011 (July 2020). Concrete details in the connected documents are limited to the affected c...

CVE-2020-25059

CVE-2020-25059 affects LG mobile devices running Android OS 7.2, 8.0, 8.1, 9, and 10. The issue is a service crash caused by incorrect input validation (LG ID LVE-SMP-200013). No further technical details (exploit paths, specific components, or remediation) are provided in the connected documents...

CVE-2020-25059

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 July 2020...

CVE-2020-25061

CVE-2020-25061 affects LG mobile devices running Android 9–10 on Verizon’s network. The flaw resides in the lge_property mechanism, which allows property overwrites, revealing a root cause related to improper handling of property writes. Reported impact includes partial confidentiality, integrity...

CVE-2020-25061

An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lgeproperty allows property overwrites. The LG ID is LVE-SMP-200016 July 2020...

CVE-2020-25062

CVE-2020-25062 describes a privilege-bypass in LGTelephonyProvider on LG Android devices (9/10). Affected product: LG mobile devices running Android 9–10; root cause: bypass of intended privilege restrictions in LGTelephonyProvider (LG internal ID LVE-SMP-200017). Impact is reported as high to cr...

CVE-2020-25062

An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 July 2020...

CVE-2020-25063

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 July 2020...

CVE-2020-25063

CVE-2020-25063 affects LG mobile devices running Android OS 7.2, 8.0, 8.1, 9, and 10. The issue stems from incorrect application-level input validation in an LG component, causing an application crash (LG ID LVE-SMP-200018, July 2020). Documents do not provide additional technical details such as...

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 August 2020...

CVE-2020-25064

Technical details (affected products, vulnerable component, root cause, exploit information) are not provided in the connected documents. Monitor for updates from LG/Security advisories.

CVE-2020-25065

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 August 2020...

CVE-2020-25065

CVE-2020-25065 affects LG mobile devices running Android 4.4–10. The issue is that an obsolete API enables key logging, leading to potential confidentiality impact (C:H) with no integrity/availability impact. Root cause described as use of an obsolete API; CVSS:3.1 base score 7.5 (Network attack ...

CVE-2020-25058

CVE-2020-25058 affects LG mobile devices running Android 8.0–10, where the network_management service fails to properly restrict configuration changes. Root cause: insufficient access control in the network_management component. Impact is stated as high across confidentiality, integrity, and avai...

Twitter Fixes High-Severity Flaw Affecting Android Users

Twitter has fixed a vulnerability in its Android app, which could have enabled attackers to access private Twitter data, like direct messages DMs on Android devices. The flaw is related to an underlying Android operating system OS security issue CVE-2018-9492, which affects operating system...

We found yet another phone with pre-installed malware via the Lifeline Assistance program

We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. This time, an ANS American Network Solutions UL40 running Android OS 7.1.1. After our writing back in January—"United States...

CVE-2020-13842

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 June 2020...

CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 June 2020...

CVE-2020-13840

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 June 2020...

CVE-2020-13839

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 June 2020...