SAMSUNG Dialer 安全漏洞

Samsung Dialer is a dialer application developed by South Korea’s Samsung Corporation. Versions of the Samsung Dialer prior to SMR Feb-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper export of Android application components, potentially allowing loca...

PT-2026-6005

Name of the Vulnerable Software and Affected Versions Android VPU driver versions prior to the February 2026 security patch Description The issue resides within the vpu ioctl function, specifically in the vpu mmap component. A missing bounds check allows for a potential arbitrary address mapping...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

GHSA-6P9P-Q6WH-9J89 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the dirFS filesystem abstraction. An attacker can perform unauthorized filesystem writes outside the intended base directory by supplying a crafted APK package containing malicious directory or symlink entrie...

Pixel Watch Security Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2026-02-01 or later address all issues in this bulletin and all issues in the February 2026 Android Security Bulletin and all...

Wear OS Security Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...

Android Automotive OS Update Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Android Automotive OS AAOS Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in th...

Android Security Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-02-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries

Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps...

Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models

Transport Layer Security TLS is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle MitM attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...

PT-2026-5350

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0007 Description A flaw exists in the writeToParcel function within WindowInfo.cpp that could allow an attacker to trick a user into granting permissions through a tapjacking or overlay attack. This could result in local...

Linux Distros Unpatched Vulnerability : CVE-2025-4086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog...

Linux Distros Unpatched Vulnerability : CVE-2025-4090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox...

EUVD-2023-25647

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule...

Malicious Package

Overview chameleon-sdk-android is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

WhatsApp rolls out new protections against advanced exploits and spyware

WhatsApp is quietly rolling out a new safety layer for photos, videos, and documents, and it lives entirely under the hood. It won't change how you chat, but it will change what happens to the files that move through your chats—especially the kind that can hide malware. The new feature, called...

Phantom Malware in Android Game Mods Hijacks Devices for Ad Fraud

Another day, another Android malware strain. This time, Phantom malware aka Android.Phantom is targeting users who install third-party gaming apps from unofficial sources...