CVE-2023-47355

The com.eypcnnapps.quickreboot aka Eyuep Can Yilmaz ROOT Quick Reboot application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery e.g., com.eypcnnapps.quickreboot.widget.PowerOff that are susceptible to unauthorized broadcasts because of missing input validati...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to sensitive data Increased user rights...

CVE-2023-49794 The logic of get apk path in KernelSU module can be bypassed

KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights Access to sensitive data...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS Access to sensitive data Increased user privileges The most serious vulnerability allows a malicious part...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Increased user privileges The most serious...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User rights Access to sensitive data Increased user privileges The most serious...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories of...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that result in...

CVE-2023-21127

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

Chromecast Security Bulletin—June 2023Stay organized with collectionsSave and categorize content based on your preferences.

The Chromecast Security Bulletin contains details of security vulnerabilities affecting supported Chromecast with Google TV devices Chromecast devices. For Chromecast devices, security patch levels of 2023-04-01 or later address all applicable issues in the April 2023 Android Security Bulletin an...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Widevine. The vulnerabilities potentially enable a malicious person to execute attacks that...

The vulnerabilities of Mozilla Firefox, Focus for Android, Mozilla Firefox ESR, and the email client Thunderbird involve allowing an unauthorized pointer to be freed, enabling a hacker to execute arbitrary code or cause a service failure.

The vulnerabilities of Mozilla Firefox, Focus for Android, Mozilla Firefox ESR, and the email client Thunderbird are related to the exploitation of an invalid pointer. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code or cause service interruptions...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...

CVE-2023-21080

In registernotificationrsp of btifrc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

A week in security (April 3 - 9)

Last week on Malwarebytes Labs: TikTok: Whats going on and should I be worried? Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer Big changes to Twitter verification: How to spot a verified account New macOS malware steals sensitive info, including a user's entire Keychain...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Also fixed vulnerabilities in closed-source parts of Android that are developed by third parties, such as Qualcomm, Arm, Imagination Technologies, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious person to execute attacks that...

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group TAG has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap...

CVE-2023-20993

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-20972

In btmvendorspecificevt of btmdevctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...