LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly

LeakVM: Run security tests instantly. Why LeakVM : LeakVM fast security test on Android, by skipping the time-consuming build pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...

Pixel / Nexus Security Bulletin—February 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-02-05 or later address all issues in this bulletin and all issues in the...

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Google set the record straight on Android security Tuesday, announcing that in 2017 it booted 700,000 apps from Google Play for violating marketplace policies. In a blog post titled “How we fought bad apps and malicious developers in 2017,” Google outlined efforts made over the last 12 months to...

CVE-2017-11069

CVE-2017-11069 is a heap overflow in the SafeSwitch image handling, reported for Android for MSM platforms (CAF/Linux kernel) and associated Qualcomm bootloader contexts. The vulnerability arises from manipulation of SafeSwitch Image data, and is categorized in the Qualcomm bootloader area as an ...

Google Qualcomm Bootloader Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and Qualcomm Bootloader is a Qualcomm-developed bootloader used in it. An elevation of privilege vulnerability exists in the Qualcomm Bootloader in Android. A remote attacker can...

Code injection

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale...

CVE-2017-8211

The CVE-2017-8211 entry concerns a buffer overflow in the driver of Huawei Honor 5C and Honor 6X smartphones. Affected software versions are earlier than NEM-AL10C00B356 (for Honor 5C) and Berlin-L21HNC432B360 (for Honor 6X). The root cause is lack of parameter validation in the driver, enabling ...

CVE-2017-0831

An elevation of privilege vulnerability in the Android framework window manager. Product: Android. Versions: 8.0. Android ID: A-37442941...

Design/Logic Flaw

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdssrotatorioctl in the driver /dev/mdssrotator, a Use-After-Free condition can potentially occur due to a fence being installed too early...

CVE-2017-11022

CVE-2017-11022 affects Android-based MSM platforms (Android for MSM, Firefox OS for MSM, QRD Android) with CAF Linux kernel. The issue is that probe requests from a user’s device may reveal information elements that specify supported Wi‑Fi features, creating a potential privacy exposure if sniffe...

Mail.ru: Download attachments with traversal path into any sdcard directory (incomplete fix 106097)

Привет 106097 был исправлен не полностью, все еще можно скачать вложение в письме мимо downloads директории на sdcard. Если имя файла будет что-от вроде "../file.txt" то такой файл будет скачен мимо /sdcard/download. Для файлов "%2e%2e%2f/file.txt" скачивает правильно. Скачать можно только на...

CVE-2017-11052

CVE-2017-11052 affects Android components built on CAF Linux kernel, specifically when processing a crafted QCA_NL80211_VENDOR_SUBCMD_NDP vendor command in Android for MSM, Firefox OS for MSM, and QRD Android. The vulnerability is a buffer over-read in the cfg80211 vendor command handler, leading...

Google Android Qualcomm WLAN Component Information Disclosure Vulnerability (CNVD-2017-31251)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the Google Android Qualcomm WLAN component, which can be exploited by an attacker to obtain sensitive information buffer...

UBUNTU-CVE-2017-0816

An information disclosure vulnerability in the Android media framework libeffects. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938...

Android Security Bulletin—October 2017Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of October 05, 2017 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version. Android partners ar...

Remote Wi-Fi Attack Backdoors iPhone 7

Google on Tuesday disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the...

Privilege escalation

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103...

Google Android MediaTek libmtkomxvdec elevation of privilege vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and MediaTek libmtkomxvdec is a MediaTek decoder library used in it. An elevation of privilege vulnerability exists in MediaTek libmtkomxvdec in Android. An attacker can exploit this...

13 Critical Remote Code Execution Bugs Fixed in September Android Update

Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September release of its Android Security Bulletin on Tuesday. The most concerning vulnerabilities, as usual, concern Media Framework, Android’s lightweight media player. The framework includes the...

Dangerous WireX Android DDoS Botnet Killed by Security Giants

By Waqas IT Security Vendors Successfully neutralized Deadly WireX Android Botnet through This is a post from HackRead.com Read the original post: Dangerous WireX Android DDoS Botnet Killed by Security Giants...