Code injection
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 2013 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092...
Integer overflow
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR81393...
CVE-2014-9801
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078...
UBUNTU-CVE-2016-3752
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423...
CVE-2014-9796
CVE-2014-9796 affects Android on Nexus 5 and Nexus 7 (2013) via the Qualcomm component’s app/aboot/aboot.c, where the kernel header page size is not validated, enabling a crafted boot image to bypass access restrictions. Public details are tied to Android/Qualcomm bug references (28820722, CR6847...
CVE-2014-9801
CVE-2014-9801 concerns Android components on Nexus 5 (Qualcomm) where multiple integer overflows in lib/libfdt/fdt_rw.c can be triggered by a crafted application to gain privileges. The issue is described as an Android internal bug 28822060 and a Qualcomm internal bug CR705078, affecting Qualcomm...
CVE-2015-8892
CVE-2015-8892 affects the Qualcomm components in Android on Nexus 5X and 6P, where platform/msm_shared/boot_verifier.c can bypass intended access restrictions by using a digest with trailing data. The issue pertains to Android versions prior to 2016-07-05 and is referenced in Android/Qualcomm bug...
CVE-2014-9787
CVE-2014-9787 describes an integer overflow in drivers/misc/qseecom.c of the Qualcomm component used in Android on Nexus 7 (2013) devices. The vulnerability could allow a local attacker to gain privileges via a crafted application, due to the overflow in the Qualcomm qseecom driver. Public detail...
Samsung Android JACK - Privilege Escalation
Exploit for Android platform in category local exploits. Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=796, https://bugs.chromium.org/p/project-zero/issues/detail?id=795. The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to...
Android security development of ZIP file directory traversal - vulnerability warning - the black bar safety net
A ZIP archive is allowed to contain the “../” string in file names, so an attacker can carefully construct a ZIP file that uses multiple “../” sequences to change the location where a file in the ZIP package is stored, overwriting and replacing the application's original files. If the overwritten file is available. so...
Mobile Triada and Horde Variants Bypass Android Security
Two mobile variants of Triada and Horde malware have been spotted in the wild by Check Point Software Technologies researchers who warn the latest samples have adopted dangerous new techniques including the ability to evade Google’s security on some OS versions. The Android Trojan called Triada,...
CVE-2016-2491
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408...
Code injection
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658...
June 2016 Android Security Bulletin
Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while...
UBUNTU-CVE-2016-1671
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc...
CVE-2016-2448
media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as...
CVE-2016-2440
CVE-2016-2440 affects Android’s Binder component, specifically the code path in libs/binder/IPCThreadState.cpp within Binder. The description indicates that object references are mishandled, allowing a crafted application to gain privileges (elevation of privilege) on affected Android versions. A...
Exploiting CVE-2016-2060 on Qualcomm Devices
Mandiant’s Red Team recently discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. The...
Google Patches More Trouble in Mediaserver
Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches...