1654 matches found
CVE-2014-9787
CVE-2014-9787 describes an integer overflow in drivers/misc/qseecom.c of the Qualcomm component used in Android on Nexus 7 (2013) devices. The vulnerability could allow a local attacker to gain privileges via a crafted application, due to the overflow in the Qualcomm qseecom driver. Public detail...
Samsung Android JACK - Privilege Escalation
Exploit for Android platform in category local exploits Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=796 https://bugs.chromium.org/p/project-zero/issues/detail?id=795 The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to...
Android secure development: ZIP file directory traversal - vulnerability warning - the black bar safety net
ZIP archives allow file names that contain the “../” string. An attacker can carefully construct a ZIP file that uses multiple “../” sequences to change where a file in the archive is stored, overwriting and replacing the application's original file. If the overwritten file is available. so...
Mobile Triada and Horde Variants Bypass Android Security
Two mobile variants of Triada and Horde malware have been spotted in the wild by Check Point Software Technologies researchers who warn the latest samples have adopted dangerous new techniques including the ability to evade Google’s security on some OS versions. The Android Trojan called Triada,...
Code injection
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658...
CVE-2016-2491
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408...
June 2016 Android Security Bulletin
Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while...
UBUNTU-CVE-2016-1671
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filenameutil.cc...
CVE-2016-2448
media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as...
CVE-2016-2440
CVE-2016-2440 affects Android’s Binder component, specifically the code path in libs/binder/IPCThreadState.cpp within Binder. The description indicates that object references are mishandled, allowing a crafted application to gain privileges (elevation of privilege) on affected Android versions. A...
Exploiting CVE-2016-2060 on Qualcomm Devices
Mandiant’s Red Team recently discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. The...
Google Patches More Trouble in Mediaserver
Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches...
Android Security Bulletin—May 2016
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware images have also been released to the Google Developer site...
CVE-2016-0846
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...
CVE-2016-0842
CVE-2016-0842 affects libstagefright’s H.264 decoder in Android 6.x prior to 2016-04-01. The root cause is improper handling of MMCO data, enabling memory corruption that could allow remote code execution or a denial of service via crafted media files. Public details specify the affected componen...
CVE-2016-2427
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...
CVE-2016-0849
CVE-2016-0849 describes an Elevation of Privilege in Android’s Recovery Procedure due to multiple integer overflows in minzip/SysUtil.c. A local attacker could exploit a crafted application to gain Signature or SignatureOrSystem privileges. Affected versions: Android 5.0.x prior to 5.0.2, 5.1.x p...
CVE-2016-2422
CVE-2016-2422 describes an Android Wi‑Fi elevation vulnerability where a Wi‑Fi CA certificate could be used in an unrelated CA role, enabling privilege escalation via a crafted app to gain Signature or SignatureOrSystem privileges. Affected: Android 4.x up to 4.4.3; 5.0.x up to 5.0.1; 5.1.x up to...
Nexus Security Bulletin—April 2016
We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Security Patch Levels of April 02, 2016 or later address these...
Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Exploit for Android platform in category remote exploits Source: https://github.com/NorthBit/Metaphor Metaphor - Stagefright with ASLR bypass By Hanan Be'er from NorthBit Ltd. Link to whitepaper: https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf Twitter:...