EUVD-2020-4176

Malware in sbrugna...

CVE-2024-53935

The com.callos14.callscreen.colorphone aka iCall OS17 - Color Phone Flash application through 4.3 for Android enables any application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.DialerActivity component...

CVE-2020-11836

OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no...

Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploi...

CVE-2024-37574

The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity...

More helpful resources for users of all skill levels to help you Take a Security Action

Welcome to this weeks edition of the Threat Source newsletter. I continue to be saddened by all the conflict in Israel and Gaza thats still ongoing. Ill be back with a "normal" newsletter next week, as unfortunately, there doesnt seem to be a peaceful solution coming any time soon. In the meantim...

Google Urged to Stop Tracking Location Data Ahead of Roe Reversal

Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections...

Oppo Android Phone with Qualcomm Chipset 安全漏洞

Oppo Android Phone with Qualcomm Chipset is an Android phone with Qualcomm chipset from Chinese company Oppo. Oppo Android Phone with Qualcomm Chipset suffers from a security vulnerability that stems from a third-party SDK that provides the ability to load third-party Providers...

Breaking the Android Bootloader on the Qualcomm Snapdragon 660

This post is a companion to the DEF CON 29 video available here. A few months ago I purchased an Android phone to do some research around a specific series of NFC chips, which required me to gain root access to the device in order to fully access its hardware capabilities. Gaining root access on...

Wallpaper that Crashes Android Phones

This is interesting: The image, a seemingly innocuous sunset or dawn sky above placid waters, may be viewed without harm. But if loaded as wallpaper, the phone will crash. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe's Twitter...

Code injection

The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode versionCode=24, versionName=7.0 that contains an exported service app component named...

“Unhackable” Bitfi crypto wallet. What’s all the fuss about?

If you haven’t already seen the Bitfi cryptocurrency wallet, check it out here. With backing from John McAfee, it’s claimed that the device is unhackable. So why all the fuss in the infosec community? Here’s the claim they make: ‘Completely un-hackable’ That is a very, very brave claim to make...

Devploit v3.6 - Information Gathering Tool

Devploit is a simple python script to Information Gathering. Download: git clone https://github.com/joker25000/Devploit How to use: cd Devploit chmod +x install ./install Run in Terminal Devploit To run in Android you do not install file Run direct python2 Devploit Properties: DNS Lookup Whois...

Security Flaws in 4G VoLTE

Research paper: "Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone," by Patrick Ventuzelo, Olivier Le Moal, and Thomas Coudray. Abstract: VoLTE Voice over LTE is a technology implemented by many operators over the world. Unlike previous 2G/3G technologies, VoLTE...

Teach you how to use the exploit to ROOT an Android phone-bug warning-the black bar safety net

As mobile the rapid development of Internet, smart phones, tablet PCs and other intelligent terminal equipment gradually popular, and slowly integrated into our lives. However at the same time the smartphone security issues are also increasingly prominent, the mobile payment vulnerabilities, mobi...

How to use Rowhammer vulnerability Root Android phone with Video demo+Exploit source code-the vulnerabilities and early warning-the black bar safety net

! Recently, security research experts through research found a root the Android phone to the new method, i.e., by Rowhammer vulnerability to root Android phone. In addition, the attacker can even use this exploit with presently known Android vulnerabilities Bandroid and Stagefright to the target...

Two kind of vulnerabilities, you can make a billion Android phone is to obtain Root permissions-bug warning-the black bar safety net

Trend Micro reported that billions of Android device on the discovered vulnerabilities, an attacker by a simple operation to obtain root access. Currently on the market most of the smart devices are using the Qualcomm Snapdragon SoCs system chip, according to the company's official website...

Souq.com: reflected xss on search bar (uae.souq.com)

the xss is executed in android phone or you can download user-agent switcher for google chrome then click Current: Android Handset to reproduce this bug as you see in pic 2.PNG steps: 1 go to http://uae.souq.com 2 put this payload on search bar : xss'+alert1+' 3the payload xss is executed 4 this...

Cool was traced to the presence of a backdoor threat to millions of users information security-vulnerability warning-the black bar safety net

Recently, security research firm PaloAlto Networks found that the domestic mobile phone manufacturers coolpad Android phone install the one named“CoolReaper”a backdoor program that may be related to more than 1, 0 0 0 million users of information security. ! Kupa was traced to the presence of a...

CVE 2013-6272 Android phone provide right to call vulnerability analysis-vulnerability warning-the black bar safety net

Description This class of vulnerability by the German security research organisation Curesec discovered late last year when the secret to tell Google until this year 7 month when it decided to publish a similar vulnerability. This vulnerability relates to the com. android. phone...