
1662 matches found

Vulnrichment
added 2023/10/30 11:58 p.m. · 23 views

CVE-2023-46139 KernelSU signature validation mismatch

KernelSU is a kernel-based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic...

5 CVSS · 6.5 AI score · 0.00173 EPSS
Exploits 0 · References 7
CNVD
added 2023/09/12 12:0 a.m. · 6 views

Google Android elevation of privilege vulnerability (CNVD-2024-02335)

Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android due to an insecure PendingIntent in the createQuickShareAction of SaveImageInBackgroundTask.java, which can be exploited by an attacker to elevate privileges...

7.8 CVSS · 6.7 AI score · 0.00096 EPSS
Exploits 0 · References 1
Android Security Bulletins
added 2023/09/12 12:0 a.m. · 6 views

Pixel Watch Security Bulletin—September 2023

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2023-09-05 or later address all applicable issues in the September 2023 Android Security Bulletin and all issues in this...

7.8 AI score
Exploits 0
Android Security Bulletins
added 2023/09/05 12:0 a.m. · 9 views

Wear OS Security Bulletin—September 2023

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2023-09-05 or later from the September 2023 Android Security Bulletin in addition to all issues in this bulletin. We encourage a...

7.8 AI score
Exploits 0
OSV
added 2023/09/01 12:0 a.m. · 21 views

ASB-A-223793631

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS · 5.5 AI score · 0.00173 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/08/16 2:21 a.m. · 1 views

SUSE CVE-2023-4361

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Medium...

5.3 CVSS · 8.6 AI score · 0.00762 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/08/14 12:0 a.m. · 3 views

PT-2023-18057 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a logic error in the code that allows the microphone privacy indicator to be obscured in multiple locations. This could lead to...

3.3 CVSS · 4.1 AI score · 0.00084 EPSS
Exploits 0 · References 5
The Hacker News
added 2023/07/08 7:45 a.m. · 39 views

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile...

6.8 AI score
Exploits 0
The Hacker News
added 2023/07/08 7:45 a.m. · 3 views

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile...

7.1 AI score
Exploits 0
CNNVD
added 2023/07/06 12:0 a.m. · 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability. Attackers have exploited the vulnerability to cause local information leakage...

5.5 CVSS · 5.8 AI score · 0.00084 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2023/06/28 6:15 p.m. · 3 views

CVE-2023-21203

In startWpsPbcInternal of staiface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID...

6.7 CVSS · 6.1 AI score · 0.00095 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/06/28 12:0 a.m. · 10 views

CVE-2023-21173

In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.2 AI score · 0.00109 EPSS
Exploits 0 · References 1
Cvelist
added 2023/06/28 12:0 a.m. · 15 views

CVE-2023-21172

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

8 AI score · 0.00096 EPSS
Exploits 0 · References 1
CVE
added 2023/06/28 12:0 a.m. · 84 views

CVE-2023-21194

The CVE-2023-21194 entry concerns Android 13 Bluetooth stack (gatt_utils.cc: gatt_dbg_op_name). A missing bounds check allows an out-of-bounds read, enabling local information disclosure via the Bluetooth server. Exploitation requires System privileges; no user interaction is needed. Public detai...

4.4 CVSS · 4.2 AI score · 0.00093 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/06/28 12:0 a.m. · 5 views

PT-2023-18004 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read due to unsafe deserialization in the addGroupWithConfigInternal function of p2p iface.cpp. This could lead to local information disclosure, requiri...

4.4 CVSS · 4.5 AI score · 0.00098 EPSS
Exploits 0 · References 3
CNVD
added 2023/06/18 12:0 a.m. · 6 views

Unspecified Vulnerability in Google Android (CNVD-2023-52835)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by an attacker to cause local information to be disclosed without additional execute privileges...

5.5 CVSS · 6.5 AI score · 0.00103 EPSS
Exploits 0 · References 1
CNVD
added 2023/06/18 12:0 a.m. · 6 views

Google Android suffers from unspecified vulnerability (CNVD-2023-52832)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by an attacker to cause a local elevation of privilege that requires no additional execute privileges...

7.8 CVSS · 6.8 AI score · 0.001 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/06/15 7:15 p.m. · 4 views

CVE-2023-21127

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12...

8.8 CVSS · 7.8 AI score · 0.0047 EPSS
Exploits 0 · References 2
Cvelist
added 2023/06/15 12:0 a.m. · 12 views

CVE-2023-21108

In sdpubuilduuidseq of sdpdiscovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

9.1 AI score · 0.00239 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/06/15 12:0 a.m. · 5 views

CVE-2023-21101

In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID:...

6.9 AI score · 0.00066 EPSS
Exploits 0 · References 1