WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term...

CVE-2022-31541

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2019-20599

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 May 2019...

EUVD-2020-12635

Malware in sbrugna...

EUVD-2020-2717

Malware in sbrugna...

EUVD-2020-2718

Malware in sbrugna...

EUVD-2019-11139

Malware in sbrugna...

EUVD-2018-13565

Malware in sbrugna...

CVE-2020-10262

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can i read Wi-Fi SSID or password, ...

CVE-2020-1809

HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143C00E143R2P4 have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone...

CVE-2018-21047

An issue was discovered on Samsung mobile devices with O8.x software. There is a Factory Reset Protection FRP bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 November 2018...

This Week in Spring - December 10th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am in the southern hemisphere it's summer down here!, in Brisbane, waiting to board a plane for Sydney. It's been a ton of fun! I did a video looking at the latest-and-greatest in Spring Framework 6.2 - chec...

Smart home assistants at risk from "NUIT" ultrasound attack

A new form of attack named "Near Ultrasound Inaudible Trojan" NUIT has been unveiled by researchers from the University of Texas. NUIT is designed to attack voice assistants with malicious commands remotely via the internet. Impacted assistants include Siri, Alexa, Cortana, and Google Assistant...

Barry-Voice-Assistant path traversal vulnerability

Barry-Voice-Assistant is a voice assistant from the Bulgarian personal developer Lyuboslav Karev. Barry-Voice-Assistant 2021-01-18 and earlier versions have a path traversal vulnerability, which stems from the failure of Flask's sendfile function to properly filter special elements in resource or...

CVE-2022-31541

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31541

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31541

The CVE-2022-31541 entry concerns the Barry-Voice-Assistant project (GitHub) where absolute path traversal is possible due to unsafe use of Flask’s send_file. The Red Hat, CNVD, CNVD-like entries align with this description, identifying the issue as a path traversal vulnerability in Barry-Voice-A...

Barry-Voice-Assistant 路径遍历漏洞

Barry-Voice-Assistant is a voice assistant from the Bulgarian personal developer Lyuboslav Karev. Barry-Voice-Assistant 2021-01-18 and earlier versions have a path traversal vulnerability, which stems from the failure of Flask's sendfile function to properly filter special elements in resource or...

An Alexa Bug Could Have Exposed Your Voice History to Hackers

Amazon has patched the flaw, but its discovery underscores the importance of locking down your voice assistant interactions...

A New Gadget Stops Voice Assistants From Snooping on You

Meet LeakyPick, the low-cost audio spy detector for your Amazon Alexa, Google Home, and other network-connected devices...