PT-2026-4687

In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

Android Security Bulletin—December 2025Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2025-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

Android 16 Security Release NotesStay organized with collectionsSave and categorize content based on your preferences.

This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 16. Android 16 devices with a security patch level of 2025-07-01 or later are protected against these issues Android 16, as released on AOSP, will have...

Android Security Bulletin—March 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

Android Open Source Platform (AOSP) Browser UXSS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in the Google Android Open Source Project AOSP, which stems from a vulnerability that allows an attacker to remotely execute code via Bluetooth without additional privileges. The followi...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in the Google Android Open Source Project AOSP, which stems from a vulnerability that allows an attacker to remotely execute code via Bluetooth without additional privileges. The followi...

Android Security Bulletin—July 2022Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

Android to Support Rust Programming Language to Prevent Memory Flaws

Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project AOSP with Rust for the past 18 months...

CVE-2018-6598

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interactio...

Pixel / Nexus Security Bulletin—August 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-08-05 or later address all issues in this bulletin and all issues in the...

Android Security Bulletin—December 2017Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2017-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version. Android partners are...

Android AOSP Mail Information Disclosure Vulnerability (CNVD-2016-02863)

Android is the United States Google Google and the Open Handheld Alliance referred to as OHA jointly developed a set of Linux-based open source operating system.AOSP Mail is one of the AOSP Android Open Source Project e-mail component. AOSP Mail for Android suffers from an information disclosure...

Android Open Source Platform (AOSP) Browser UXSS

This module exploits a Universal Cross-Site Scripting UXSS vulnerability present in all versions of Android's open source stock browser before 4.4, and Android apps running on 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scriptin...

Android Open Source Platform (AOSP) Browser UXSS

This module exploits a Universal Cross-Site Scripting UXSS vulnerability present in all versions of Android's open source stock browser before 4.4, and Android apps running on 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scriptin...

OpenCORE pvmp3_huffman_parsing.cpp MP3文件解析整数下溢漏洞

BUGTRAQ ID: 33673 CVECAN ID: CVE-2009-0475 OpenCORE是开放源码的多媒体解码子系统。 OpenCORE的pvmp3huffmanparsing.cpp文件在Huffman解码期间存在整数下溢，导致在写入到堆分配缓冲区时出现错误的边界检查。如果用户受骗打开了恶意的mp3文件，就可以触发这个溢出，导致播放器崩溃或执行任意代码。 Android Open Source Project OpenCORE = 2.0 厂商补丁： Android Open Source Project ---------------------------...