CVE-2019-2195

In tokenize of sqlite3android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2019-2218

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for...

CVE-2019-2111

In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9...

CVE-2019-2077

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114745929...

CVE-2019-2231

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID...

CVE-2024-34672

Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users...

CVE-2019-16681

The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. When in physical possession of the device, opening local files is also possible. NOTE: As of...

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...

CVE-2019-12370

The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...

CVE-2019-12366

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...

Android XR Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

XR is releasing a set of patches as part of our Android Security Bulletin Monthly Release process. Review the Security bulletin FAQ article for more details about the security updates and instructions to validate the integrity of the supplied patches. The XR Security Bulletin contains details of...

Android Security Bulletin—January 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-01-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

Google Android 安全漏洞

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a missing privilege check vulnerability that can be exploited by attackers to cause a physical denial of service...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, an American company. Google Android suffers from a security vulnerability that stems from a logic error that could lead to the disclosure of configuration data...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking, which could lead to cross-user information disclosure...

Pixel Update Bulletin—November 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2025-09-05 or later address all issues in this bulletin and all issues in the November 2025 Android...

CVE-2025-12725

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025

The AV-Comparatives Stalkerware Test 2025 delivers a sobering look at the evolving threat posed by stalkerware on mobile devices. Despite measures from both the tech industry and platform providers, stalkerware-type apps, which are apps that can be installed covertly to spy on a victim’s private...

Securing the Open Android Ecosystem with Samsung Knox

Raise your hand if you've heard the myth, "Android isn't secure." Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking i...