319 matches found
CVE-2014-7953 Android backup agent code execution
Android backup agent arbitrary code execution: The Android backup agent implementation was vulnerable to privilege escalation and a race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user or any other valid...
Google Android Operating System < 4.4.0 Multiple Vulnerabilities
JVN#81094176: Android OS may behave as an open resolver
A device that runs as a DNS cache server and responds to any recursive DNS queries it receives is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Impact: The Android device may be used in a DNS...
Installer Hijacking Vulnerability in Android Devices
A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user...
Google Android Operating System < 4.4.4 Multiple Vulnerabilities
Design/Logic Flaw
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main...
CVE-2010-4832
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main...
CVE-2010-4832
The CVE-2010-4832 issue affects Android OS prior to 2.2, where an incorrect SSL certificate may be displayed in certain cases, allowing remote attackers to spoof trusted sites. The root cause is that certificate verification could be performed against the certificate of the last loaded resource o...
JVN#22670349: AndExplorer vulnerable to directory traversal
AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability. Impact: A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...
Samsung KNOX - An Encrypted Virtual Operating system for Android Devices
Last year Samsung launched a security feature called 'KNOX' for high-end enterprise mobile devices. It's a nice security addition and free with new Samsung handsets such as the Galaxy Note 3 and Samsung Galaxy S4. Samsung Knox is an application that creates a virtual partition container within th...
JVN#51285738: tetra filer vulnerable to directory traversal
tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability. Impact: A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...
JVN#53768697: Android OS vulnerable to arbitrary Java method execution
Android OS contains a vulnerability where an arbitrary Java method may be executed. Impact: When viewing a specially crafted page using the standard Android browser or another application that uses the WebView class, Android OS may be rebooted or arbitrary code may be executed without intent from...
JVN#79301570: Angel Browser vulnerable in the WebView class
Angel Browser is a web browser for Android devices. Angel Browser contains a vulnerability in the WebView class. Impact: If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution: Update the software. Update to...
Mobile Malware Is Up – Way Up – in McAfee Q2 Threat Report
McAfee Labs researchers today announced a surge in malware samples this year – particularly threats that take advantage of mobile networks to launch drive-by downloads, control botnets using Twitter and spread ransomware that locks down infected machines and demands payments from users. The Santa...
ClubHack Sec Conference 2011 - Hacking your Android
Document Title: ClubHack Sec Conference 2011 - Hacking your Android. References: Download: http://www.vulnerability-lab.com/resources/videos/459.wmv View: http://www.clubhack.tv/2011/hacking-your-droid-aditya-gupta/ Release Date: 2012-02-27 Vulnerability...
Google Android Operating System 2.3 < 2.3.6 Information Disclosure
Mobile Madness
Admit it. It would scarcely break your heart if the legions of slack-jawed smartphone Facebook and FourSquare gawkers were forced to confront their own digital mortality – however briefly – with a few scary exploits made just for them. In 2011, the untethered among us saw several mobile security...
Android Also Gives Google Remote App Installation Power
The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on user...