Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing

Binary data 9017.prm...

Nexus Security Bulletin - December 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48Z or later and Android 6.0 with Security Patch Level...

Design/Logic Flaw

Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI...

The industry's conscience: BlackBerry can bypass operators to offer Android security patches-bug warning-the black bar safety net

Each Android phone manufacturer managed to every month on time security updates, but they face a big problem: security updates usually need to obtain the operator's approval, which means that before the update need to wait a few weeks. However, BlackBerry select uncompromising. BlackBerry company...

1-Click Way to Check If your Android Device is Vulnerable to Hacking

Vulnerabilities are common these days and when we talk about mobile security, this year has been somewhat of a trouble for Android users. Almost every week we come across a new hack affecting Android devices. One of the serious vulnerabilities is the Stagefright Security Bug, where all it needed ...

CVE-2015-3865

CVE-2015-3865 : Elevation of privilege in the Android Runtime (ART) before 5.1.1 LMY48T allows a crafted application to gain Signature or SignatureOrSystem privileges, as described in the NVD entry. The root cause is an ART elevation-of-privilege flaw enabling local code execution within an eleva...

Nexus Security Bulletin - October 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48T or later such as LMY48W and Android M with Securit...

Integer overflow

Integer overflow in the BitmapcreateFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service systemserver crash or obtain sensitive systemserver memory-content information via a crafted application that leverages...

CVE-2015-3833

The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bu...

Design/Logic Flaw

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a 1 FLAGGRANTREADURIPERMISSION or 2...

Integer overflow

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark BOM, which allows remote attackers to cause a denial of service integer underflow, buffer over-read...

CVE-2015-3829

CVE-2015-3829 is an Android Stagefright vulnerability caused by an off-by-one error in MPEG4Extractor::parseChunk (libstagefright) that can allow remote code execution or memory corruption via crafted MPEG-4 covr atoms with size SIZE_MAX. Affected software: Android versions prior to 5.1.1 LMY48I....

CVE-2015-3833

CVE-2015-3833 affects Android up to version 5.1.1 (LMY48I). Root cause is in ActivityManagerService.getRunningAppProcesses, allowing a crafted app to bypass getRecentTasks restrictions and reveal the foreground app name. Public descriptions across sources confirm the flaw exists in Android before...

CVE-2015-3826

The CVE-2015-3826 issue affects Android’s media stack in libstagefright (MPEG4Extractor.cpp) where MPEG4Extractor::parse3GPPMetaData does not enforce a minimum size for UTF-16 BOM strings. This can enable a remote attacker to trigger a crash in mediaserver via crafted 3GPP metadata (integer under...

CVE-2015-1539

The CVE-2015-1539 issue is a remote-code-execution vulnerability in Android’s libstagefright, caused by integer underflows in ESDS::parseESDescriptor during MP4 atom processing. It affects Android releases prior to 5.1.1 LMY48I; the Android bulletins (e.g., Nexus/Android security bulletin) note t...

CVE-2015-3831

CVE-2015-3831 affects Android mediaserver, specifically the BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp. The readAt function may overflow a buffer when processing data provided by another application, leading to memory corruption and potential code execution within the medias...

Android 5. x vulnerability: the hacker can bypass the screen password to enter the system-vulnerability warning-the black bar safety net

Many Android users will choose to use a lock screen password protect the device, but the latest burst of vulnerability was shocking: any person who without complex operation can bypass the lock screen directly into your system! An attacker can exploit the pilot gets a lock on the device all the...

Nexus Security Bulletin - September 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process Build LMY48M. The updates for Nexus devices and source code patches for these issues have also been released to the Android Open Source Project...

Swept the world of security applications AppLock, the same may leak your privacy-vulnerability warning-the black bar safety net

! Security researchers found that the DoMobile Ltd. The company developed the well-known Android security app AppLock presence of a plurality of vulnerabilities, vulnerable to hacker attacks. AppLock app lock description App lock in over 5 0 countries with 1 billion users, it itself supports 2-4...

Dennis Fisher and Mike Mimoso Discuss Black Hat, Android Security, and the Oracle Debacle

Dennis Fisher and Mike Mimoso talk about the news from Black Hat, car hacking, the Mary Ann Davidson blog post, and the Android security mess. Download: digitalunderground216.mp3 Music by Chris Gonsalves...