210 matches found
applican vulnerable to URL whitelist bypass
Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the...
flash-plugin: multiple code execution issues fixed in APSB15-11
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before...
Wiretapping storm: the Android platform https sniffing hijacking vulnerability-vulnerability warning-the black bar safety net
0x0 Preface Last year 1 0 mid-May, Tencent Security Center found during routine terminal security audits that the vast majority of apps on the Android platform that use https communication do not use the Google API safely, directly resulting in leakage of sensitive information in https communication ev...
Kindle App for Android fails to verify SSL server certificates
Overview Kindle App for Android fails to verify SSL server certificates. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...
Apache Cordova 3.5.1: CVE-2014-3502 update
The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html Android Platform Release: 04 Aug 2014 CVE-2014-3502: Cordova apps can potentially...
aNmap - Android Network Mapper (Nmap for Android)
Nmap is one of the most important tools for every cracker and white, grey or black hat "hacker". Nmap is a legendary hack tool and probably the most prevalent network security port scanner tool over the last 10 years on all major operating systems. So far it was available on Windows, Linux and Mac OS X. But...
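Adobe PhoneGap Device Resource Restriction Bypass Vulnerability
CVE ID: CVE-2014-1883 Apache PhoneGap is a popular open-source platform that makes it easy to build cross-platform mobile applications with HTML5 and JavaScript. Adobe PhoneGap on the Android platform uses the shouldOverrideUrlLoading callback instead of the correct shouldInterceptRequest callback, allowing attackers to exploit the vulnerability to bypass device resource restrictions via a crafted XMLHttpRequest method and perform malicious operations. 0 Adobe PhoneGap 2.6.0 No detailed solution is currently available: https://cordova.apache.org/...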
Symantec discovered Android Malware Toolkit named Dendroid
The Android platform is becoming more vulnerable day by day, and hackers always try to manipulate Android by applying novel techniques. In this regard, Symantec researchers have found a new Android malware toolkit named “Dendroid”. Previously Symantec found an Android Remote admin tool named AndroRAT is...
VulnCheck KEV: CVE-2012-0773
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers...
[Mercury v2.2.0] The Android Assessment Framework
Mercury is a security assessment framework for the Android platform. It allows you to dynamically interact with the Inter-Process Communication (IPC) endpoints exported by an application installed on a device. Mercury provides similar functionality to a number of static analysis tools, such as aapt...
flash-plugin: multiple code execution flaws (APSB13-11)
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before...
Android platform and exposure feel free to turn on and turn off the phone wifi function vulnerability-vulnerability warning-the black bar safety net
Disclosure status: 2013-03-05: vendor actively contacted, awaiting vendor acknowledgement; details not open to the public. 2013-03-05: vendor has actively ignored the vulnerability; details disclosed to the public. Brief description: The Settings application contains com.android.setting...
Malnets to Continue Targeting Mobile Devices in 2013
Cybercriminals tested the water in 2012 with malnets — collections of domains, servers and websites designed to deliver malware -– and appear poised to target mobile devices even more so in 2013, according to a new report released yesterday. Blue Coat Systems’ 2013 Mobile Malware Report PDF posit...
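Android Boat Browser / Boat Browser Mini Information Disclosure Vulnerability (CVE-2012-5179)
CVE ID: CVE-2012-5179 Android Boat Browser / Boat Browser Mini are browser applications for the Android platform. Boat Browser / Boat Browser Mini on the Android platform do not correctly implement the WebView class, allowing an attacker to build a malicious application and, after tricking the user into installing it, obtain sensitive information. 0 Android Boat Browser application versions before 4.2 Android Boat Browser Mini application versions before 3.9 Vendor solution: Users can contact the vendor to obtain the latest application version that fixes this vulnerability:...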
Report: 'Aggressive Adware' More Prevalent Among Android Malware
A new report from Trend Micro showed a 483 percent jump in malware — including “aggressive adware” that harvests personal data without permission using legitimate ad networks. It’s no surprise that the open nature of the Android platform makes it a magnet for malware, but the type of malware becomi...
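Android Dr. Web Anti-Virus Information Disclosure Vulnerability
Android Dr.Web Anti-virus is antivirus software for the Android platform. An error exists when handling SQL queries in the com.drweb.activities.antispam.CursorActivit class, which can be exploited to disclose call history and SMS messages. 0 Dr.Web Anti-virus for Android 7.x Vendor solution: Dr.Web Anti-virus for Android 7.00.2 fixes this vulnerability; users are advised to download and use it: http://news.drweb.com/show/?c=5&i=2573&lng=en...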
[PT-2012-23] SQL Injection in Dr.Web Anti-virus
PT-2012-23 Positive Technologies Security Advisory: SQL Injection in Dr.Web Anti-virus. Vulnerable software: Dr.Web Anti-virus Version: 7.00...
Android Malware as Beware of Chinese called "The Roar of the Pharaoh"
Android Malware as Chinese game "The Roar of the Pharaoh" Security researchers have spotted a bogus Chinese game that is actually a trojan horse gathering sensitive information from infected devices, in addition to sending premium-rate SMS messages. It is Chinese game that is original with its rights bu...
CVE-2012-1388
Unspecified vulnerability in the XiXunTianTian com.xixun.tiantian application 0.6.2 beta for Android has unknown impact and attack vectors...
Dropper Malware comes with DLL Hijacking Feature
Dropper Malware comes with DLL Hijacking Feature Trojans, Viruses, Worms have become the scare of the year, and with good reason. Many of the recent files are malicious in nature, causing the infected user at the very worst, to lose everything on their computer. There are few specially coded...