Grandstream Wave 1.0.1.26 Update Redirection

CVE-2016-1520: GrandStream Android VoIP App Update Redirection ============================================================== Affected app: Grandstream WaveGSWAVE version 1.0.1.26 and probably earlier Classification: CWE-300 Channel Accessible by Non-EndpointCWE300 CWE-319 Cleartext Transmission ...

Memory corruption

btifconfig.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service memory corruption and persistent daemon crash by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bu...

Lobotomy - Android Reverse Engineering Framework & Toolkit

Lobotomy is an Android security toolkit that will automate different Android assessments and reverse engineering tasks. The goal of the Lobotomy toolkit is to provide a console environment, which would allow a user to load their target Android APK once, then have all the necessary tools without...

How To Keep Your Android Phone Secure

As the number of threats is on the rise, Android platform is no longer safe, which isn't a surprise to anyone. Most of us are usually worried more about the security of our desktops or laptops and forget to think about the consequences our smartphones can make if compromised or stolen. Unlike...

CVE-2016-0805

The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204...

CVE-2016-0805

CVE-2016-0805 affects Qualcomm ARM kernels, specifically the Qualcomm Performance Module in Android. The issue resides in the kernel function get_krait_evtinfo, which returns an index into an array used by other kernel functions; crafted input can generate a malicious index and cause a buffer ove...

AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

AndroL4b is an android security virtual machine based on ubuntu Mate includes the collection of latest framework, tutorials and labs from different security geeks and researcher for reverse engineering and malware analysis. Tools APKStudio Cross-platform Qt5 based IDE for reverse-engineering...

Nexus Security Bulletin - February 2016Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY49G or later and Android M with Security Patch Level o...

Code injection

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875...

BrainTest Malicious Android Apps Removed From Google Play

Update The Brain Test mobile malware family has once again been evicted from Google Play. Known for piggy-backing on fully functioning mobile applications, the malware’s various iterations try to root Android devices, download malicious APKs and inflate the Google Play ratings of other apps writt...

Nexus Security Bulletin—January 2016Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY49F or later and Android 6.0 with Security Patch Level...

CVE-2015-6640

The prctlsetvmaanonname function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service vma list corruption via a crafted application,...

Nexus Security Bulletin - December 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48Z or later and Android 6.0 with Security Patch Level...

Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing

Binary data 9017.prm...

Design/Logic Flaw

Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI...

The industry's conscience: BlackBerry can bypass operators to offer Android security patches-bug warning-the black bar safety net

Each Android phone manufacturer managed to every month on time security updates, but they face a big problem: security updates usually need to obtain the operator's approval, which means that before the update need to wait a few weeks. However, BlackBerry select uncompromising. BlackBerry company...

1-Click Way to Check If your Android Device is Vulnerable to Hacking

Vulnerabilities are common these days and when we talk about mobile security, this year has been somewhat of a trouble for Android users. Almost every week we come across a new hack affecting Android devices. One of the serious vulnerabilities is the Stagefright Security Bug, where all it needed ...

CVE-2015-3865

CVE-2015-3865 : Elevation of privilege in the Android Runtime (ART) before 5.1.1 LMY48T allows a crafted application to gain Signature or SignatureOrSystem privileges, as described in the NVD entry. The root cause is an ART elevation-of-privilege flaw enabling local code execution within an eleva...

Nexus Security Bulletin - October 2015Stay organized with collectionsSave and categorize content based on your preferences.

We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48T or later such as LMY48W and Android M with Securit...

Integer overflow

Integer overflow in the BitmapcreateFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service systemserver crash or obtain sensitive systemserver memory-content information via a crafted application that leverages...