165 matches found
GHSA-R8J4-96MX-RJCC Improper Restriction of XML External Entity Reference in skylot/jadx
skylot/jadx prior to 1.3.2 is vulnerable to Improper Restriction of XML External Entities when a user is tricked into exporting a malicious APK file via the -e option containing a crafted AndroidManifest.xml / strings.xml to gradle, leading to possible local file disclosure...
Google Android Automotive Os Elevation of Privilege Vulnerability
Google Android Automotive Os is an operating system and platform from Google that runs directly on in-vehicle hardware. Google Android Automotive Os suffers from an elevation of privilege vulnerability that originates in LocationSettingsActivity in AndroidManifest.xml, where an EoP is possible du...
CVE-2021-1036
CVE-2021-1036 corresponds to an elevation-of-privilege vulnerability in Android’s LocationSettingsActivity via a tapjacking/overlay attack. Public records across NVD, Red Hat, CNVD and related sources confirm: affected products are Android 9–12 (and specifically AAOS references) with the vulnerab...
CVE-2021-1038
In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
Privilege escalation
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
Design/Logic Flaw
In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-1038
In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
CVE-2021-1038
CVE-2021-1038 describes a DoS via a tapjacking/overlay vulnerability in UserDetailsActivity of AndroidManifest.xml, affecting Android 9–12. The root cause is an overlay/tapjacking issue that can cause local denial of service with no extra privileges; exploitation requires user interaction per CVS...
CVE-2021-1039
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-1039
CVE-2021-1039 affects Android Platform apps: NotificationAccessActivity in AndroidManifest.xml can enable a local elevation of privilege via a tapjacking/overlay trick. Affected: Android 9–12. Root cause: overlay/tapjacking allows bypass of user interaction requirements to gain higher privileges ...
CVE-2021-0999
CVE-2021-0999 affects Android 12 and relates to the broadcast definition in AndroidManifest.xml that can set the A2DP Bluetooth device connection state due to a missing permission check. The underlying issue is a privilege-escalation flaw that does not require user interaction and can be exploite...
PUB-A-196858999
In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PUB-A-182583850
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Reddit: com.reddit.frontpage vulernable to Task Hijacking (aka StrandHogg Attack)
Summary: The app com.reddit.frontpage is vulnerable to Task Hijacking used by widespread Android trojans. Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. Impact: Assuming a malicious actor want's to grab...
CVE-2020-0481
In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0122
In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
CVE-2020-0122
In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
ASB-A-147247775
In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
50m-ctf: $50 million CTF Writeup
Summary: For a brief overview of the challenge you can take a look at the following image: F451370 Below I will detail each step that I took to solve the CTF, moreover all the bad assumptions that led me to a dead end in some cases. Twitter The CTF begins with this tweet: F451371 What is this...
Design/Logic Flaw
In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFICHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, wi...