Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-40832)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices have a security vulnerability that can be exploited by attackers to conduct brute force attacks on screen lock passwords...

Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-40825)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices have a security vulnerability that can be exploited by attackers to execute arbitrary code...

Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-31272)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. A buffer overflow vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to execute arbitrary code...

Trojan Raids Android Users' Cookie Jars

Everyone loves cookies – including cybercriminals. Their tastes however can run to a different sort of cookie, as evidenced by a fresh strain of Android malware that may be implanted prior to users purchasing a device. Appropriately dubbed “Cookiethief” by the Kaspersky researchers who discovered...

CVE-2020-0062

CVE-2020-0062 affects Android Euicc. An information disclosure exists due to an included test certificate, enabling remote data exposure without extra privileges. Exploitation is network-based with no user interaction required. CVSSv2/3.1 base scores are 5.0 (MEDIUM) and 7.5 (HIGH) respectively. ...

Pixel Update Bulletin—March 2020Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2020-03-05 or later address all issues in this bulletin and all issues in the March 2020 Android Securi...

Pixel Update Bulletin—February 2020Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2020-02-05 or later address all issues in this bulletin and all issues in the February 2020 Android...

Android Security Bulletin—February 2020Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-02-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVE-2019-13747

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2019-2225

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is...

ANDRAX v4 DragonFly - Penetration Testing on Android

ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution! The development of ANDRAX began on 08/09/2016 DD/MM/YYYY only fo...

Security Bulletin: NVIDIA SHIELD TV - October 2019

NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings About Syst...

CVE-2018-9581

CVE-2018-9581 describes an information-disclosure flaw in Android where WiFi RSSI (and SSID) data are broadcast via intents (android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE). This cross-process leakage can allow any on-device app to observe a user’s proximity/location context witho...

CVE-2019-9379

CVE-2019-9379 affects the Android 10 libstagefright component. The issue is a resource-exhaustion DoS caused by a missing bounds check in a multimedia processing path. The impact is remote denial of service with no privileges required, and exploitation requires user interaction. There is no docum...

CVE-2019-9361

The CVE-2019-9361 entry concerns Android 10’s libavc (media framework) with an information-disclosure flaw caused by uninitialized data. Affected component: libavc in Android 10 (Android-10). Impact: potential remote information disclosure without executing code; exploitation requires user intera...

CVE-2019-9268

CVE-2019-9268 affects Android’s media stack (libstagefright) with a use-after-free caused by improper locking, enabling local escalation of privilege in the media server without extra privileges. The issue is tied to Android 10 (Android-10) and is documented in the Android 10 Security Release Not...

Google Android USB Driver Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA.USB driver is one of the Universal Serial Bus USB drivers. A privilege elevation vulnerability exists in the USB driver in Android. An attacker can exploit this vulnerability to elevate privileges...

Google Android Touch driver boost vulnerability (CNVD-2019-30703)

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA, and Touch driver is one of the touch drivers. An elevation of privilege vulnerability exists in the Touch driver in Android. An attacker can exploit this vulnerability to elevate privileges...

Type confusion

In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2019-2108

In ihevcdreflist of ihevcdreflist.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...