Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

CVE-2022-20141

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Design/Logic Flaw

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

PT-2022-14380 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: The issue is related to a confused deputy in multiple functions of AvatarPhotoController.java, which could allow access to content owned by system content providers. This may lead to...

CVE-2022-20115

The CVE-2022-20115 issue affects Android 12/12L and centers on TelephonyRegistry.java, in broadcastServiceStateChanged, where a missing permission check could disclose base station information without location permission. This enables local information disclosure with no user interaction required...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...

Pixel Update Bulletin—May 2022Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2022-05-05 or later address all issues in this bulletin and all issues in the May 2022 Android Security...

ASB-A-201645790

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2021-39807

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed...

Old Play Store apps served notice by upcoming API level changes

Starting very soon, old and outdated apps on the Google Play Store will no longer be available to download. A major clearout is coming, and if you’re an app developer it may be time to overhaul your product or face Android-centric oblivion. What’s happening? Android makes use of APIs application...

CVE-2022-0802

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2022-0802

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2021-39749

CVE-2021-39749 affects Android 12L WindowManager; it allows starting non-exported/protected activities due to a missing permission check, enabling local privilege escalation with no additional privileges and no user interaction. A PoC demonstrates cross-app activity startup via TaskFragment/Choos...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from the disclosure of side-channel information in settings, which can be exploited by attackers to obtain sensitive information...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from the US company Google. Google Android has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...

Information disclosure

In showregs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Exploit for Improper Initialization in Linux Linux_Kernel

Information c Exploit Title: Local Privilege Escalation...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from the US company Google. Google Android has security vulnerabilities, and no details of the vulnerabilities are available...

Samsung SMR安全漏洞

Samsung Knox Guard is a security solution based on the open-source Android platform from South Korea's Samsung Samsung, which can comprehensively enhance security through a combination of physical means and software systems, and is perfectly compatible with the Android and Google ecosystems,...