CVE-2018-11911

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, improper configuration of script may lead to unprivileged access...

CVE-2018-9459

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2018-9459

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Design/Logic Flaw

In ih264dvideodecode of ih264dapi.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service remote hang or reboot with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their...

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their...

CVE-2018-15542

An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: th...

Google Patches Critical Vulnerabilities in Android OS

Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...

CVE-2018-11904

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early e.g., timeout, the callback will dereference an invalid pointer...

Input validation

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST...

Pixel / Nexus Security Bulletin—September 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-09-05 or later address all issues in this bulletin and all issues in the...

CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...

Fortnite Skips Google Play For Android Apps, Irking Security Experts

Security experts are dismayed after the makers of extremely popular video game Fortnite said its Android version of the game will only be available for download via the company’s website, shirking the Google Play store. Last week, Fortnite creator Epic Games confirmed that it will directly...

Android Security Bulletin—August 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVE-2016-6564

Android devices with code from Ragentek contain a privileged binary that performs over-the-air OTA update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs,...

Code injection

While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-07-05, a buffer over-read can potentially occur...

CVE-2018-5887

While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...

Path traversal

While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...

CVE-2018-5898

Integer overflow can occur in msmpcmadspstreamcmdput function if the user supplied data "paramlength" goes beyond certain limit in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...

Pixel / Nexus Security Bulletin—July 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-07-05 or later address all issues in this bulletin and all issues in the...