165 matches found
ok.ru: Multiple critical vulnerabilities in Odnoklassniki Android application
Hello, I have recently found several critical vulnerabilities in Odnoklassniki Android application, which is one of your projects, thus I am reporting it here. The first vulnerability is so called Intent spoofing. The vulnerability lies in ability to start the video upload activity of Odnoklassni...
CVE-2014-8610
AndroidManifest.xml in Android before 5.0.0 does not require the SENDSMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for ol...
CVE-2014-8610
The CVE describes a vulnerability in Android prior to 5.0.0 where AndroidManifest.xml does not require SEND_SMS for the SmsReceiver, allowing an unprivileged app to cause stored SMS messages to be resent or new draft SMS messages to be sent by broadcasting the com.android.mms.transaction.MESSAGE_...
Most Sophisticated Android malware ever detected
A new piece of sophisticated Android malware has been discovered by security researchers at Kaspersky Labs. Dubbed as Backdoor.AndroidOS.Obad.a, it is the most sophisticated piece of Android malware ever seen. It exploits multiple vulnerabilities, blocks uninstall attempts, attempts to gain root...
Dolphin Browser HD Cross Application Scripting
1 Background ============ Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Dolphin browser application holds sensitive information such as cookies, cache and...