CVE-2019-20771

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 August 2019...

CVE-2019-20771

CVE-2019-20771 affects LG mobile devices running Android 7.x–9.x. The WapService component is vulnerable to unconfirmed configuration changes via a modified OMACP message, enabling change of device configuration without user confirmation. Root cause: unverified OMACP processing in WapService (LG ...

PT-2020-12910 · Google +2 · Android +2

Name of the Vulnerable Software and Affected Versions: LG mobile devices with Android OS versions 8.0 through 10.0 Description: An issue was discovered that allows an attacker to gain privileges due to improper exception handling in the MTK kernel. Recommendations: For Android OS versions 8.0...

CVE-2019-13758

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

WhatsApp, Telegram Coding Blunders Can Expose Personal Media Files

Though WhatsApp and Telegram tout themselves as secure messaging services, faulty developer coding that allows cyberattackers to intercept media files sent on the Android versions of the services like photos and videos, documents and voice memos undercuts that claim. The security weakness, dubbed...

Out-of-bounds

In rwt3thandlegetscpollrsp of rwt3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

CVE-2018-9591

In btahhctrldatact of btahhact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User...

PEPPERL+FUCHS CT50-Ex

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PEPPERL+FUCHS Equipment: CT50-Ex Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious third-party application to...

Google Patches Critical Vulnerabilities in Android OS

Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...

CVE-2018-14825

On Honeywell Mobile Computers CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e...

CVE-2018-14825

On Honeywell Mobile Computers CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e...

Android OS WiFi Broadcast Sensitive Data Exposure

Blog post here: https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/ TITLE Sensitive Data Exposure via WiFi Broadcasts in Android OS CVE-2018-9489 SUMMARY System broadcasts by Android OS expose information about the users...

CVE-2018-6598

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interactio...

Design/Logic Flaw

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interactio...

Google Patches Critical Remote Code Execution Bugs in Android OS

Google issued 44 patches for its Android operating system as part of its July Security Bulletin this week. Of those vulnerabilities, 11 were rated critical and the remainder were rated high in severity. The vulnerabilities varied from OS framework to Media framework bugs, including system and...

The vulnerability of the Qualcomm Radio Interface Layer component in the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Qualcomm Radio Interface Layer component in the Android operating system is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of protected...

A week in security (June 18 – June 24)

Last week, we took a deep dive into SamSam ransomware, looked at ways how to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for...

Android OS FLAG_SECURE Information Disclosure

Blog post here: https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flagsecure-for-sensitive-settings-cve-2017-13243/ SUMMARY Android OS did not use the FLAGSECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with t...

CVE-2018-5828

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wmaextscanstartstopeventhandler, vdevid comes from the variable event from firmware and is not properly validated...

Google Patches 11 Critical Bugs in March Android Security Bulletin

Google patched 11 critical vulnerabilities in its Android operating system this week, seven of which are remote code execution bugs. In total, 37 flaws were patched, with 26 rated as high severity. The most severe of the bugs is a critical security vulnerability found in the Media Framework...