Google Android Stagefright MP4 Multiple Atoms Integer Underflow (CVE-2015-1539; CVE-2015-3827)
A remote code execution vulnerability, known as the Stagefright vulnerability, has been reported in the core of Android devices. The vulnerability is due to an integer underflow condition in multiple MP4 atoms. Successful exploitation would allow an attacker to execute arbitrary code on the target system...
Google Android Stagefright MP4 Multiple Atoms Integer Overflow (CVE-2015-1538; CVE-2015-3824; CVE-2015-3829; CVE-2015-3864)
A remote code execution vulnerability, known as the Stagefright vulnerability, has been reported in the core of Android devices. The vulnerability is due to an integer overflow condition in multiple MP4 atoms. Successful exploitation would allow an attacker to execute arbitrary code on the target or to crea...
Android Broadcast Assembly permission bypass vulnerability - vulnerability warning - the black bar safety net
The Lollipop source code has been out for some days, and I found that Google fixed a high-risk vulnerability in Android 5.0. By exploiting the vulnerability you can send any broadcast: not only can you send broadcasts at the system protection level, you can also ignore receiver android:exported=false...
CVE-2015-3836
The Parsewave function in arm-wt-22k/libsrc/easmdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF...
Android very hurt: the Black Hat 2015 hacker conference will announce 6 mobile security threats - vulnerability warning - the black bar safety net
Black Hat 2015 will be held soon, so let's take a look at some of the Android security threats to be presented next month at Black Hat USA. 64-bit Android Root: Recently there has been a lot of debate about whether rooting a smartphone makes the phone much more dangerous. But we hope that cyber criminals would...
Non-Nexus Devices and the Android Security Rewards Program
Google’s decision to limit its Android Security Rewards program to newer Nexus devices clearly puts the Google phones on the top tier of secure mobile devices. It also could ultimately have the effect of putting non-Nexus devices in the line of fire. For now, limiting the rewards program to Nexus...
Google Locks Down Excessive Android App Permissions
Excessive mobile application permissions have long been a security and privacy concern, in particular for Android users who download apps for the platform from a number of sources, and not just from Google. The most notorious case is likely Goldenshores Technologies LLC, which agreed to settle...
Faceless: Bypass Setup by External Activity Invoke
Tool Used: Drozer Operating System: Android Kitkat 4.4.2 Note: Make sure the application is running on the device connected to the system. 1. With the help of Drozer tool, list down the activities exported by the application using the following command: run app.activity.info -a im.delight.faceles...
Google Report Lauds Android Security Enhancements
Google has put some hard numbers behind the effectiveness of the security enhancements it has dropped into Android in the past year, and results show that things such as SE Linux SE Android, Verify Apps and Safety Net have cut down on successful attacks against the Android operating system,...
Android DoS
WiFi direct function DoS...
CVE-2014-8610
The CVE describes a vulnerability in Android prior to 5.0.0 where AndroidManifest.xml does not require SEND_SMS for the SmsReceiver, allowing an unprivileged app to cause stored SMS messages to be resent or new draft SMS messages to be sent by broadcasting the com.android.mms.transaction.MESSAGE_...
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]
Fundacion Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar Prey Anti-Theft for Android missing SSL certificate validation 1. Advisory Information Title: Prey Anti-Theft for Android missing SSL certificate validation Advisory ID:...
Android WAPPushManager SQL Injection Vulnerability
Android WAPPushManager SQL Injection Vulnerability. INTRODUCTION: In Android 5.0, a SQL injection vulnerability exists in the opt module WAPPushManager; an attacker can remotely send a malformed WAPPush message to launch any activity or service in the victim's phone...
Android Privilege Escalation
In Android This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be...
CVE-2014-7650
The JJA- Juvenile Justice Act 1986 aka com.felix.jja application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Grandparenting is Great aka com.appgig.layout application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7044
The Street Walker aka kt.road.StreetWalker application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Server side request forgery (ssrf)
The Quest Federal CU Mobile aka com.metova.cuae.questfcu application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6939
The Sketch W Friends FREE -Tablets aka air.com.xlabz.SketchWFriendsFree application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
zergRush (CVE-2011-3874) privilege escalation vulnerability analysis - vulnerability warning - the black bar safety net
Recently finally turned to Android; the famous zergRush from 2011 was the first ROOT vulnerability encountered. Although it is old and only affects Android 2.2 - 2.3.6, it is still worth recording the analysis process. The various ROOT tools on the market basically all include zergRush,...