Android Security Bulletin—May 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-05-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

Exploit for Deserialization of Untrusted Data in Google Android

CVE-2024-31317-PoC-Deployer!Android Versionhttps://img.shie...

Android Improves Its Security

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it's nice to see Google add it to their phones...

Pixel Update Bulletin—April 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2025-04-05 or later address all issues in this bulletin and all issues in the April 2025 Android Securi...

Pixel Watch Security Bulletin—April 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2025-04-05 or later address all issues in this bulletin and all issues in the April 2025 Android Security Bulletin and all issu...

Google Android elevation of privilege vulnerability (CNVD-2025-07520)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from insecure deserialization, which can be exploited by an attacker to bypass the parcel mismatch mitigation and elevate privileges...

CVE-2025-3067

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. Chromium security severity: Medium...

CVE-2025-3068

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-3068

CVE-2025-3068 – Google Chrome on Android : An inappropriate implementation in Intents allows privilege escalation via a crafted HTML page. Affected software is Chrome for Android (pre-135.0.7049.52). The underlying issue is in the Intents handling path, enabling a remote attacker to escalate priv...

CVE-2025-3067

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. Chromium security severity: Medium...

CVE-2025-3067

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. Chromium security severity: Medium...

CVE-2025-3068

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

Cell Phone OPSEC for Border Crossings

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data--files, photos, etc.--on phones so it can't be recovered? Does resetting a phone to...

CVE-2025-25758

CVE-2025-25758 affects KukuFM Android app v1.12.7 (11207). The root cause is android:allowBackup="true" in AndroidManifest.xml, which can let an attacker access sensitive plaintext data. According to the provided data, this yields a high confidentiality impact (C:H) with no impact on integrity or...

CVE-2025-2355 BlackVue App API Endpoint credentials storage

A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...

CVE-2025-2342

CVE-2025-2342 affects the IROAD X5 Mobile App (Android) up to version 5.2.5. The vulnerability targets an unknown function within the API Endpoint component, where manipulation results in hard-coded credentials. This enables a remote attack without user interaction. The incident is publicly discl...

CVE-2025-27606 Element Android PIN autologout bypass

Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to...

CVE-2025-20926

CVE-2025-20926 affects Samsung My Files on Android 14, prior to version 15.0.07.5. Root cause: improper export of Android application components. Impact: local attackers with My Files privileges may access files within My Files. Exploitation status and in-the-wild details are not provided in the ...

Exploit for CVE-2025-25381

CVE-2025-25381: Plaintext Storage of Sensitive Information in...

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

Google has announced the rollout of artificial intelligence AI-powered scam detection features to secure Android device users and their personal information. "These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations...