Samsung KNOX Information Disclosure Vulnerability

Samsung KNOX is a set of enterprise mobile security solutions based on the Android platform from Samsung South Korea. The program offers features such as device protection, management and development options. An information disclosure vulnerability exists in version 1.0 of Samsung KNOX on the...

Got a Smartphone with Android 4.3 or earlier? No WebView Vulnerability Patch for You

Owning a smartphone running Android 4.3 Jelly Bean or an earlier versions of Android operating system ?? Then you are at a great risk, and may be this will never end. Yes, you heard right. If you are also one of millions of users still running Android 4.3 Jelly Bean or earlier versions of the...

Android KeyStore Stack Buffer Overflow (CVE-2014-3100)

Hi, We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3 and below. The issue was patched in Android 4.4. The vulnerability is identified as CVE-2014-3100. More details are available at: 1. Blog post: http://ibm.co/1pbk4yH 2. Advisory:...

CSP Bypass in android browser prior to 4.4

Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://vulners.com/cve/CVE-2014-6041 I've tested this on an Android 4.3...

Android Browser CSP Bypass

Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041 I've tested...

Code injection

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

Android LaunchAnyWhere (Google Bug 7 6 9 9 0 4 8)vulnerability explanation and Defense measures-vulnerability warning-the black bar safety net

Start Recently, Google repair a component of the security vulnerability LaunchAnyWhere Google Bug 7 6 9 9 0 4 8 in. This vulnerability belongs to the Intend Based extraction vulnerability, an attacker exploit this vulnerability, you can break the Inter-application permission isolation, reach to...

Stack overflow

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

CVE-2014-3100

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android, i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security te...

keystore buffer

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

CVE-2013-6770

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then...

XDA Forum hackers again proof Sony Xperia Z2 UI-bug warning-the black bar safety net

Recently a senior XDA developer Forum member in the online release of more than one Xperia Z2 real machine picture, and shows the phone running Android 4.3 system, using the new UI, the phone use is very unstable, the UI has been crashing. Today, the XDA member latest release of the Xperia Z2...

Proof-of-Concept App Released for Android Jelly Bean Security Bypass Bug

The researchers who discovered a serious vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable the security locks on a vulnerable device have published a proof-of-concept app that exploits the bug, as well as source code for the app. The vulnerability in question lies in...

Vulnerability in Android 4.3 allows apps to Remove Device Locks, POC app released

None...

Android 4.3 Superuser Root Privilege Escalation

Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain, non-default device configurations. Android 4.3 introduced the concept of "restricted profiles," created through the Settings - Users menu. A...