25 matches found
CVE-2021-0691
In the SELinux policy configured in systemapp.te, there is a possible way for systemapp to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...
Jackman-AL00D 资源管理错误漏洞
Huawei Jackman-AL00D is a basic firmware for mobile devices from Huawei China. A resource management error vulnerability exists in Jackman-AL00D version 8.2.0.185 C00R2P1, which arises from improper management of system resources e.g., memory, disk space, files, etc. by a networked system or...
CVE-2020-0481
In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for...
Pig in a poke: smartphone adware
Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get ri...
The new landscape of pre-installed mobile malware: malicious code within
Here's a scary thought: Mobile devices may soon come with pre-installed malware on required system apps. While it might sound like a grim foretelling, pre-installed mobile malware is an unfortunate reality of the future. In the past, we’ve seen pre-installed malware with the notorious Adups threa...