19 matches found
RHEL 8 : nss (RHSA-2024:0093)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0093 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...
Root takeover via signature spoofing
Description: When an app requests "CMDBECOMEMANAGER" via prctl, a couple of checks are done before promoting the uid as root manager. The main check relies on the requester's signature. The signature check is done in the checkv2signature function in kernel\apksign.c; this function accepts both V2 and V3 signatures...
CVE-2022-20442
In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
Design/Logic Flaw
In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
ASB-A-176094367
In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
Old Play Store apps served notice by upcoming API level changes
Starting very soon, old and outdated apps on the Google Play Store will no longer be available to download. A major clearout is coming, and if you’re an app developer it may be time to overhaul your product or face Android-centric oblivion. What’s happening? Android makes use of APIs application...
SUSE SLED12 / SLES12 Security Update : libseccomp (SUSE-SU-2019:2941-1)
This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 bsc1128828 CVE-2019-9893: Update the syscall table for Linux v5.0-rc5 Added support for the...
Android P to Block Apps From Monitoring Device Network Activity
Do you know that any app you have installed on your Android phone can monitor the network activities, even without asking for any sensitive permission, to detect when other apps on your phone are connecting to the Internet? Obviously, they can't see the content of the network traffic, but can easily...
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
Virtual Postage VPA - Man In The Middle Remote Code Execution Exploit Title: Virtual Postage VPA - Remote Code Execution via MITM Date: 20/Jul/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a2.virtualpostage.com http://archive.is/EdtJT Software Link: N/A...
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution Exploit Title: eVestigator Forensic PenTester v1 - Remote Code Execution via MITM Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=penetrationtest.eVestigator.com Software...
Google Updates CA Trust Mechanisms in Android Nougat
Google last week announced changes in the way it will handle trusted Certificate Authorities in Nougat, the latest version of the Android operating system. The changes are expected to cut into the likelihood of a successful man-in-the-middle attack, or a device falling victim to an...
Viber for Android exposes insecure Javascript interface
Viber for Android exposes insecure Javascript interface. Yorick Koster, April 2014...
7 Things About Android Lollipop 5.0 You Need To Know
After offering chocolate Kit-Kat, now Google is ready to serve you Lollipops. Google on Wednesday finally revealed the official name of its next version Android L — Android 5.0 Lollipop. The newly released Android 5.0 Lollipop ships with the latest Motorola-made Nexus 6 smartphone and Nexus 9...
Adobe Reader for Android exposes insecure Javascript interfaces
Adobe Reader for Android exposes insecure Javascript interfaces. Yorick Koster, April 2014...
Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution
Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution. Adobe Reader for Android exposes insecure Javascript interfaces. Yorick Koster, April...
Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution
Exploit for Android platform in category local exploits. Adobe Reader for Android exposes insecure Javascript interfaces. Yorick Koster, April 2014...
Adobe Reader For Android Javascript Insecure
Adobe Reader for Android exposes insecure Javascript interfaces. Yorick Koster, April 2014...
Android WebView addJavascriptInterface Arbitrary Java Method Access
Added: 02/11/2014 CVE: CVE-2013-4710 OSVDB: 97520 Background Android is a Linux-based operating system used primarily on touchscreen mobile devices such as smartphones and tablet computers. It was originally developed by Android Inc., but is now owned by Google. WebView is a sub-class of the...
Android WebView addJavascriptInterface Arbitrary Java Method Access
Added: 02/11/2014 CVE: CVE-2013-4710 OSVDB: 97520 Background Android is a Linux-based operating system used primarily on touchscreen mobile devices such as smartphones and tablet computers. It was originally developed by Android Inc., but is now owned by Google. WebView is a sub-class of the...