CVE-2018-14986

The CVE-2018-14986 entry describes a vulnerability on the Leagoo Z5C: a pre-installed app com.android.messaging exposes an exported content provider (MessagingContentProvider) that allows any co-located, zero-permission app to read the most recent text messages from every conversation, including ...

CVE-2018-14992

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm versionCode=1510500200, versionName=1.5.0.40171122 has an exposed interface...

CVE-2018-9566

In processservicesearchrsp of sdpdiscovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for...

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their...

How to collect Receiver for Android Logs

Different ways of collecting Receiver logs from Android Device...

Error: "Cannot add app " on Android When Trying to Add App from XenMobile App Store

The user gets "Cannot add app " on the Android device when trying to add an app from XenMobile App Store, and MDMERRORUSERDEPROVISIONED gets logged in Debug logs. Other already installed apps work normally. Device has not been purposefully removed, and the device looks normal in XenMobile console...

Google Android Security Bypass Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in the Device Administrator code in versions prior to Android 4.4.1r1, which stems from the program's failure to update the mAdminMap data structur...

How to Install and Collect ADB logs on android device

Requirement is to download the ADB software in order to take real time logs from the Android device...

U.K. and U.S. Government Websites Among Thousands Infected by Cryptocurrency Miner

More than 4,200 websites, including many run the U.K. and U.S. governments, were infected on Feb. 11 by a Monero cryptocurrency miner delivered through Browsealoud, a hosted accessibility service that can read website content aloud for people with visual impairments. Browsealoud developer Texthel...

Google Android Broadcom Component Elevation of Privilege Vulnerability (CNVD-2017-36944)

Android on Google Pixel and Nexus is an open source Linux-based operating system for the Google Pixel and Nexus smartphones developed by Google and the Open Handheld Alliance OHA, in which the Broadcom driver is used. Broadcom driver is a Broadcom driver component for Broadcom devices. An elevati...

CVE-2017-8141

The Touch Panel TP driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple...

Error "Set device encryption on device to use this app" on Android device

Apps install correctly and no issues are shown on the server. However, while opening the app on the device, the message "Set device encryption on your device to use this app " is displayed. The device storage is encrypted still we see this issue...

Secure App's access on Android devices Hung with the Screen "please wait"

End user accesses Secure App's on Android device which flips to SecureHub forauthentication and will get stuck on the screen 'Please wait' and circle keep on spinning endlessly. Screenshot Below for reference:...

The vulnerability of the audio driver of the mobile application MSM for the Android operating system allows a hacker to trigger a memory overflow in the buffer dynamic area.

The vulnerability of the Android mobile application’s audio driver relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to trigger a numerical overflow, followed by an overflow of the dynamic memory buffer. This occurs if the function name is too long...

Unable to upload a file to an internal webpage using Secure Web

XenMobile 10.x Secure Web 10.x iOS 10.x User able to access the upload site, however, upload never completes successfully w/ no error or other notification. Behavior doesn't occur when attempting same on an Android device...

During New MAM Enrollment End User Receives - "An error occurred. The enrollment will stop"

During enrollment MDM proceeds successfully, but the MAM enrollment fails with "An error occurred. The enrollment will stop". OnAndroid you may experience the following: Enrollment will successfully complete, however Secure Hub is enrolled only in MDM mode not MAM. Scenarios that Identify failed...

Using the CTS for vulnerability detection and principles of analysis-vulnerability warning-the black bar safety net

360 Vulpecker team Membership 360 Information Security Department, committed to the Android application and the system-layer vulnerability discovery as well as other Android security research. We passed on the CTS frame of the research, the preparation of a vulnerability detection aspect of the...

CVE-2017-0643

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,...

CVE-2017-5033

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline...

CVE-2017-0506

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical...