208 matches found
Wiretapping storm: Android platform HTTPS sniffing and hijacking vulnerability - vulnerability warning - the black bar safety net
0x0 Preface: Last year 1 0 mid-May, Tencent Security Center found during routine terminal security audits that the vast majority of apps using HTTPS communication on the Android platform do not use the Google API safely, directly resulting in leakage of sensitive information from HTTPS communication ev...
Kindle App for Android fails to verify SSL server certificates
Overview: Kindle App for Android fails to verify SSL server certificates. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A man-in-the-middle attack may allow an...
Apache Cordova 3.5.1: CVE-2014-3502 update
The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html Android Platform Release: 04 Aug 2014 CVE-2014-3502: Cordova apps can potentially...
aNmap - Android Network Mapper (Nmap for Android)
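Nmap is one of the most important tools for every cracker, white, grey or black hat "hacker". Nmap is a legendary hack tool and probably the most prevalent network security port scanner tool over the last 10 years on all major operating systems. So far it was available on Windows, Linux and Mac OS X. But...
Adobe PhoneGap Device Resource Restriction Bypass Vulnerability
CVE ID: CVE-2014-1883 Apache PhoneGap is a popular open-source platform that makes it easy to build cross-platform mobile applications with HTML5 and JavaScript. Adobe PhoneGap on the Android platform uses the shouldOverrideUrlLoading callback instead of the correct shouldInterceptRequest callback, allowing attackers to exploit the vulnerability through a specially crafted XMLHttpRequest method to bypass device resource restrictions and perform malicious operations. 0 Adobe PhoneGap 2.6.0 No detailed solution is currently available: https://cordova.apache.org/...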
Symantec discovered Android Malware Toolkit named Dendroid
The Android platform is becoming more vulnerable day by day, and hackers always try to manipulate Android by applying novel techniques. In this regard, Symantec researchers have found a new Android malware toolkit named “Dendroid”. Previously Symantec found an Android Remote admin tool named AndroRAT is...
VulnCheck KEV: CVE-2012-0773
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers...
[Mercury v2.2.0] The Android Assessment Framework
Mercury is a security assessment framework for the Android platform. It allows you to dynamically interact with the Inter-Process Communication (IPC) endpoints exported by an application installed on a device. Mercury provides similar functionality to a number of static analysis tools, such as aapt...
flash-plugin: multiple code execution flaws (APSB13-11)
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before...
Android platform exposure: vulnerability allows turning the phone's Wi-Fi function on and off at will - vulnerability warning - the black bar safety net
Disclosure status: 2013-03-05: vendor actively contacted, awaiting vendor acknowledgement; details not open to the public. 2013-03-05: vendor has actively ignored the vulnerability; details disclosed to the public. Brief description: The Settings application contains com.android.setting...
Malnets to Continue Targeting Mobile Devices in 2013
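Cybercriminals tested the water in 2012 with malnets — collections of domains, servers and websites designed to deliver malware — and appear poised to target mobile devices even more so in 2013, according to a new report released yesterday. Blue Coat Systems’ 2013 Mobile Malware Report (PDF) posit...
Android Boat Browser / Boat Browser Mini Information Disclosure Vulnerability (CVE-2012-5179)
CVE ID: CVE-2012-5179 Android Boat Browser / Boat Browser Mini are browser applications for the Android platform. Boat Browser / Boat Browser Mini on the Android platform do not correctly implement the WebView class, allowing an attacker to build a malicious application and, after tricking the user into installing it, obtain sensitive information. 0 Android Boat Browser application versions before 4.2 Android Boat Browser Mini application versions before 3.9 Vendor solution: Users can contact the vendor to obtain the latest application version that fixes this vulnerability:...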
Report: 'Aggressive Adware' More Prevalent Among Android Malware
A new report from Trend Micro showed a 483 percent jump in malware — including “aggressive adware” that harvests personal data without permission using legitimate ad networks. It’s no surprise that the open nature of the Android platform makes it a magnet for malware, but the type of malware becomi...
Android Dr. Web Anti-Virus Information Disclosure Vulnerability
Android Dr.Web Anti-virus is antivirus software for the Android platform. An error exists when handling SQL queries in the com.drweb.activities.antispam.CursorActivit class, which can be exploited to disclose call history and SMS messages. 0 Dr.Web Anti-virus for Android 7.x Vendor solution: Dr.Web Anti-virus for Android 7.00.2 has fixed this vulnerability; users are advised to download and use it: http://news.drweb.com/show/?c=5&i=2573&lng=en...
[PT-2012-23] SQL Injection in Dr.Web Anti-virus
PT-2012-23 Positive Technologies Security Advisory: SQL Injection in Dr.Web Anti-virus. Vulnerable software: Dr.Web Anti-virus Version: 7.00...
Beware of Android Malware as Chinese Game Called "The Roar of the Pharaoh"
Android Malware as Chinese game "The Roar of the Pharaoh" Security researchers have spotted a bogus Chinese game that's actually a trojan horse gathering sensitive information from infected devices, in addition to sending premium-rate SMS messages. It is a Chinese game that is original with its rights bu...
CVE-2012-1388
Unspecified vulnerability in the XiXunTianTian com.xixun.tiantian application 0.6.2 beta for Android has unknown impact and attack vectors...
Dropper Malware comes with DLL Hijacking Feature
Trojans, Viruses, Worms have become the scare of the year, and with good reason. Many of the recent files are malicious in nature, causing the infected user at the very worst, to lose everything on their computer. There are few specially coded...
flash-plugin: multiple code execution flaws (APSB11-28)
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via...