655 matches found
CVE-2019-2179
In NDEFMsgValidate of ndefutils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2012-4908
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink...
CVE-2012-5180
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application...
A week in security (May 4 – May 10)
Last week on Malwarebytes Labs: The AI chatbot cop squad is here Lock and Code S06E09 Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can! "Your privacy is a promise we don’t break": Dating app Raw exposes sensitive user data FBI issues warning as scammers target...
CVE-2025-20975
Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. The vulnerabilities are in the Keymaster trustlet, SmartManagerCN and FreeType, among others. The vulnerabilities allow a local attacker to run code on the device and execute code with SmartManagerCN privileges. Google reports receiving information tha...
CVE-2025-20968
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...
Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!
Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates...
Triada strikes back
Introduction Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the...
PT-2025-17307 · Element · Element
Name of the Vulnerable Software and Affected Versions: Element X Android versions prior to 25.04.2 Description: A crafted hyperlink on a webpage or a locally installed malicious app can force Element X to load a webpage with similar permissions to Element Call, automatically granting it temporary...
A week in security (April 7 – April 13)
Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters Child predators are lurking on dating apps, warns report Your 23andMe genetic data could be bought by China, senator warns WhatsApp for Windows vulnerable to attacks. Update now! Man accused of using keylogger to spy on...
Google fixes two actively exploited zero-day vulnerabilities in Android
Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say "zero-day" we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published...
A week in security (March 3 – March 9)
Last week on Malwarebytes Labs: TikTok: Major investigation launched into platform’s use of children’s data PayPal scam abuses Docusign API to spread phishy emails Android zero-day vulnerabilities actively abused. Update as soon as you can I spoke to a task scammer. Here’s how it went Android...
Android zero-day vulnerabilities actively abused. Update as soon as you can
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, th...
Security Vulnerabilities fixed in Firefox 136 — Mozilla
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. The vulnerabilities include...
CVE-2025-20897
Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder...
CVE-2025-20899
CVE-2025-20899 concerns an improper access control flaw in Samsung’s PushNotification component. Affected: PushNotification prior to 13.0.00.15 on Android 12, prior to 14.0.00.7 on Android 13, and prior to 15.1.00.5 on Android 14. The root cause is access-control weaknesses that could allow a loc...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to grant themselves elevated privileges on the device to execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful abuse requires the malicious party to tric...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or grant themselves elevated privileges on the device and thus execute arbitrary code, possibly with system privileges and gain access to sensitive data. Successful...