Out-of-bounds

In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-41096 Use of a Broken or Risky Cryptographic Algorithm in com.mayank.rucky

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

TangleBot Malware Reaches Deep into Android Device Functions

An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According to Cloudmark researchers, the newly discovered mobile malware is...

CVE-2021-30596

Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

IT threat evolution in Q2 2021. Mobile statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures In Q2 2021, according to data from Kaspersky Security Network: 14,465,672 malware, adware and riskware attacks were prevented. The largest shar...

Pixel Update Bulletin—August 2021Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2021-08-05 or later address all issues in this bulletin and all issues in the August 2021 Android...

CVE-2021-0585

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-0596

In phNciNfcRecvMfResp of phNxpExtnsMifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

CVE-2021-0590

CVE-2021-0590 affects Android components where in NetworkMonitor.java’s sendNetworkConditionsBroadcast a privileged app could obtain WiFi BSSID/SSID without location permissions due to a missing permission check. The impact is local information disclosure with system-level privileges required; ex...

Android Security Bulletin—July 2021Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2021-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVE-2021-0565

CVE-2021-0565 is a local elevation-of-privilege issue in Android 11 related to wrapUserThread in AudioStream.cpp. The vulnerability arises from a race condition causing a use-after-free, enabling local privilege escalation without user interaction. Documented impact is limited to Android-11/audio...

Google Android elevation of privilege vulnerability (CNVD-2021-43381)

Google Android is a Linux-based open source operating system from the Google Open Handheld Alliance Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability is caused due to an out-of-bounds write in the memory management driver due to a lack of boundary...

CVE-2021-0324

CVE-2021-0324 is associated with Android/Unisoc components in the 2021 May Android bulletin. Sources catalog it under Unisoc Framework with High severity (per patch-level details), affecting Android devices via the Android SoC/Unisoc stack. The connected records do not provide concrete technical ...

Google Android Memory Management Driver Elevation of Privilege Vulnerability (CNVD-2021-44313)

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in the Google Android memory management driver, which can be exploited by attackers to escalate privileges...

Google Android System elevation of privilege vulnerability (CNVD-2021-44326)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android. An attacker can exploit the vulnerability to cause a local escalation of...

CVE-2021-30521

Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page...

CVE-2021-30506

Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page...

4 Android Bugs Being Exploited in the Wild

Google updated its May 3 Android security bulletin on Wednesday to say that there are “indications” that four of the 50 vulnerabilities “may be under limited, targeted exploitation.” That was mostly confirmed by Maddie Stone, a member of Google’s Project Zero exploit research group, who clarified...

Telegram heap buffer overflow vulnerability (CNVD-2021-38310)

Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived LottieParserImpl :: parseDashProperty function of the rlottie library in Telegram for Android prior to version 7.1.0 2090, iOS prior to version 7.1, and macOS prior to version 7....

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from the Google Open Handheld Alliance Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability is caused due to an out-of-bounds write in the memory management driver due to a lack of boundary...