33 matches found
Pixel Update Bulletin—February 2022Stay organized with collectionsSave and categorize content based on your preferences.
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2022-02-05 or later address all issues in this bulletin and all issues in the February 2022 Android...
A week in security (Oct 4 – Oct 10)
Last week on Malwarebytes Labs Does Cybersecurity Awareness Month actually improve security? Police take a piece out of a ransomware gang, but won’t say which one Neiman Marcus data breach affects millions Windows 11 is out. Is it any good for security? Criminals were inside Syniverse for 5 years...
Home screen icons(shortcuts) are removed after every Android update
On Android Enterprise Full managed device, Home screen appsshortcuts are getting removed after Android UpdateSamsung Patch. This happens only on Samsung devices and with all patches available. This is not specific to any patch...
Gigaset Android Update Server Hacked to Install Malware on Users' Devices
Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 plus, and GS370 plus series — the malware took the form of...
CVE-2020-0204
In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges...
PT-2019-12568 · Google +1 · Android-Gif-Drawable +1
Name of the Vulnerable Software and Affected Versions: android-gif-drawable versions prior to 1.2.18 WhatsApp for Android versions prior to 2.19.244 Description: A double free vulnerability in the DDGifSlurp function in the android-gif-drawable library allows remote attackers to execute arbitrary...
CVE-2019-12103 – Analysis of a Pre-Auth RCE on the TP-Link M7350, with Ghidra!
TL;DR The TP-Link M7350 V3 is affected by a pre-authentication CVE-2019-12103, and a few post-authentication CVE-2019-12104 command injection vulnerabilities. These injections can be exploited remotely, if the attacker is on the same LAN or otherwise able to get access to the router web interface...
Code injection
The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps,...
Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly
Security of Android devices has been a nightmare since its inception, and the biggest reason being is that users don't receive latest security patch updates regularly. Precisely, it's your device manufacturer Android OEMs actually who takes time to roll out security patches for your devices and...
13 Critical Remote Code Execution Bugs Fixed in September Android Update
Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September release of its Android Security Bulletin on Tuesday. The most concerning vulnerabilities, as usual, concern Media Framework, Android’s lightweight media player. The framework includes the...
JVN#11815655: Photopt App fails to verify SSL server certificates
Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by th...
Android Update Checker - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Android Update Checker published at the 'play' market has multiple vulnerabilities...
Yik Yak Patches Privacy Flaw in iOS App
Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone’s account. Yik Yak’s security team was apparently...