53 matches found
[SECURITY] Fedora 40 Update: enjarify-1.0.3-35.fc40
Android applications are Java programs that run on a customized virtual machine, which is part of the Android operating system, the Dalvik VM. Their bytecode differs from the bytecode of normal Java applications. Enjarify can translate the Dalvik bytecode back to equivalent Java bytecode, which...
Lenovo Browser Code Injection Vulnerability
Lenovo Browser is a browser from the Chinese company Lenovo. It is used to locate, retrieve and display content on the World Wide Web. A code injection vulnerability exists in Lenovo Browser Mobile V9.1.3.1 and earlier versions, Lenovo Browser HD Apps for Android V2.1.4.1 and earlier versions,...
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat APT group targeting Arabic-speaking Android users. In this campaign, the actors leverage custom mobile malware, also known as Android Package files APKs, ...
CVE-2023-25749
Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...
CVE-2023-25749
Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...
CVE-2021-3898
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker...
Code injection
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker...
Samsung ApkInstaller 安全漏洞
Samsung ApkInstaller is a tool from Samsung, a South Korean company, for installing Apk files from Android memory cards. It is used to install Apk files from Android memory cards.An authorization issue vulnerability exists in the dynamic receiver in Samsung ApkInstaller, which stems from a lack o...
Android Apps developed using Yappli fails to restrict custom URL schemes properly
Overview Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the A...
RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims
Researchers with White Ops have uncovered a scam to deliver millions of out-of-context OOC ads through a group of more than 240 Android applications on the official Google Play store, which the team said were collectively delivering more than 15 million impressions per day at their peak. The apps...
GHSA-C6PW-Q7F2-97HV Privilege Escalation in cordova-plugin-inappbrowser
Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Chrome
CVE-2020-6514 The exploit When writing the exploit, I origina...
Exploiting Android Messengers with WebRTC: Part 3
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. CVE-2020-6514 discussed in the blog post was fixed on July 14 with these CLs.This series highlights what can go wrong when applications don't apply WebRTC...
9 million users installed 85 adware infected apps from Play Store
By Uzair Amir Google has now removed all 85 Adware from Play Store. Reportedly, 85 Android applications on Google Play Store were discovered to be sending dangerous, full-screen adware to users. These apps collectively have been installed approx. 9 million times across the world. It is identified...
CVE-2018-16225
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...
ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages
Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference Automatically decompile APK files to Java and Smali format Analyze AndroidManifest.xml for common vulnerabilities and behavior Static source code analysis for common vulnerabilitie...
Lenovo VIBE, Moto, and ZUK Mobile Phone Remote Code Execution Vulnerability - Lenovo Support US
No description provided...
CVE-2016-4839
The Android Apps Money Forward prior to v7.18.0, Money Forward for The Gunma Bank prior to v1.2.0, Money Forward for SHIGA BANK prior to v1.2.0, Money Forward for SHIZUOKA BANK prior to v1.4.0, Money Forward for SBI Sumishin Net Bank prior to v1.6.0, Money Forward for Tokai Tokyo Securities prior...
Hundreds of Apps Using Ultrasonic Signals to Silently Track Smartphone Users
Your smartphone may have some apps that are continuously listening inaudible, high-frequency ultrasonic sounds from your surroundings and they know where you go, what you like and dislike — all without your knowledge. Ultrasonic Cross-Device Tracking is a new technology that some marketers and...
Adobe AIR <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31)
The version of Adobe AIR installed on the remote Windows host is prior or equal to version 22.0.0.153. It is, therefore, affected by a man-in-the-middle MitM vulnerability due to the cleartext transmission of runtime analytics for AIR applications on Android. A MitM attacker can exploit this to...