200 matches found
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...
OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)
Bypassing the Bootloader’s Lock CVE-2017-5626 OnePlus 3 & 3T running OxygenOS 3.2 - 4.0.1 had two proprietary fastboot oem commands: 1. fastboot oem 4F500301 – bypasses the bootloader’s lock – allowing one with fastboot access to effectively unlock the device, disregarding OEM Unlocking, without...
OnePlus 3/3T: Bootloader disable dm-verity Vulnerability (CVE-2017-5624)
CVE-2017-5624, affecting all versions of OxygenOS to date, allows the attacker to disable dm-verity. The combination of the vulnerabilities enables a powerful attack – persistent highly privileged code execution without any warning to the user and with access to the original user’s data after the...
Authentication flaw
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...
CVE-2017-5554
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...
CVE-2017-5554
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...
CVE-2017-5554
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...
CVE-2017-5554
The CVE covers OnePlus 3/3T devices running OxygenOS before 4.0.2. A physical attacker can boot into fastboot without authentication by pressing Volume Up during boot and using adb reboot bootloader. Once in fastboot, the attacker can issue fastboot oem selinux permissive to set SELinux to Permis...
Huawei P9 Lock Screen Bypass Vulnerability
Huawei P9 is a smartphone product of Huawei, China. Huawei P9 suffers from a lock screen bypass vulnerability. An unauthenticated attacker can force the phone into fastboot mode and delete the user's password file during a phone reboot. The lock screen password disappears after the phone reboots...
MSI - NTIOLib.sys WinIO.sys Local Privilege Escalation
MSI - NTIOLib.sys WinIO.sys Local Privilege Escalation Exploit Title: MSI NTIOLib.sys, WinIO.sys local privilege escalation Date: 2016-09-26 Exploit Author: ReWolf Vendor Homepage: http://www.msi.com Version: too many Tested on: Windows 10 x64 TH2, RS1 Full description:...
CentOS 7 : kexec-tools (CESA-2015:0986)
Updated kexec-tools packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
[SECURITY] Fedora 21 Update: android-tools-20141219git8393e50-2.fc21
The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...
Appie - Android Pentesting Portable Integrated Environment
Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick.This is a one stop answer for all the tools needed in Android Application Security Assessment. Difference between Appie and existing...
Use HTC One vulnerability to crack mobile PIN password-vulnerability warning-the black bar safety net
HTC One phone is running Android 4.2.2 and HBOOT 1.54.0000, it exists a file called Bootloader vulnerability. This vulnerability early in the 2 0 1 4 year 2 month's report to the HTC official, and at times months to fix the vulnerability. In get HTC official consent, we will now take the entire...
CVE-2014-4325
The cmdboot function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a...
Command injection
The cmdboot function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a...
CVE-2014-4325
CVE-2014-4325 affects the cmd_boot function in app/aboot/aboot.c within the Little Kernel (LK) bootloader used in Qualcomm Innovation Center Android contributions for MSM devices. The vulnerability allows bypassing device-lock and kernel-signature restrictions by using fastboot mode to boot an ar...
[Santoku 0.4] Distribution dedicated to mobile forensics, malware analysis and security testing
Santoku includes a number of open source tools dedicated to helping you in every aspect of your mobile forensics, malware analysis, and security testing needs, including: Development Tools: Android SDK Manager AXMLPrinter2 Fastboot Heimdall src | howto Heimdall GUI src | howto SBF Flash Penetrati...