76 matches found
MAL-2023-450 Malicious code in flutter_appsflyer_sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 925db0740f51975e7310d7357f8e32c78cb9d96496fc52915d6eff365500204a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics
Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. "The malware features several malicious Android applications that...
Google Chrome Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other...
Top Benefits of Using Flutter for Cross-Platform App Development
By Owais Sultan. Today's mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile… This is a post from HackRead.com. Read the original post: Top Benefits of Using Flutter for Cross-Platform App Development...
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims
A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform...
CVE-2022-3095
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapp...
CVE-2022-3095 Incorrect parsing of the backslash characters in Dart library
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapp...
CVE-2022-3095
CVE-2022-3095 affects Dart/Flutter: the Dart URI class uses RFC 3986 syntax for backslash parsing, diverging from WhatWG URL standards and causing incompatibilities with \ in URIs. This can enable authentication bypass in web apps that parse URIs. Affected: Dart versions prior to 2.18 and Flutter...
PT-2022-20404 · Google · Flutter +1
Name of the Vulnerable Software and Affected Versions: Dart versions prior to 2.18; Flutter versions prior to 3.30. Description: The implementation of backslash parsing in the Dart URI class differs from the WhatWG URL standards, as it uses the RFC 3986 syntax. This creates incompatibilities with t...
invoiceninja cross-site scripting vulnerability
invoiceninja is an open source invoicing application built with Laravel and Flutter. invoiceninja suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute malicious scripts...
reFlutter - Flutter Reverse Engineering Framework
This framework helps with reverse engineering Flutter apps using a patched version of the Flutter library which is already compiled and ready for app repacking. This library has a modified snapshot deserialization process that allows you to perform dynamic analysis in a convenient way. Key features:...
invoiceninja cross-site scripting vulnerability
invoiceninja is an open source invoicing application built with Laravel and Flutter. invoiceninja suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute malicious scripts...
Malicious Joker App Scores Half-Million Downloads on Google Play
The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message. The app was downloaded more than 500,000 times before its removal from the store. Users should immediately delete Color Message from their devices to avoid being defrauded, researchers ...
Android Apps in Google Play Harvest Facebook Credentials
A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them. According to Dr. Web’s malware analysts, the applications were fully functional, so that victims remained in the dark...
Invoice Ninja code issue vulnerability
invoiceninja is an open source invoice application on GitHub built with Laravel and Flutter. Invoice Ninja has a security vulnerability before 4.4.0 that allows an attacker to deserialize arbitrary PHP classes...