7 matches found
CVE-2025-64696
CVE-2025-64696 affects the Android app Brother iPrint&Scan (versions 6.13.7 and earlier). The root cause is improper use of an external cache directory, which can allow malicious apps to access application-specific files. Impact stated in sources: application-specific files may be accessed by oth...
Hackers Use Social Engineering to Target Expert on Russian Operations
Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats...
Fedora 29 : flatpak (2018-009a65a873)
flatpak 1.0.5 release. There was a sandbox bug in the previous version where parts of the runtime /etc was not mounted read-only. In case the runtime was installed as the user not the default this means that the app could modify files on the runtime. Nothing in the host uses the runtime files, so...
Nextcloud: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)
Limitation of app specific password scope can be bypassed NC-SA-2017-009 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Authorization CWE-285 Description Improper session handling allowed an application specific password without permission to the files...
Apple Extends Two-Factor Authentication to iCloud
Apple finally has enabled two-factor authentication for its iCloud storage service, more than a year and a half after the company first turned the protective measure on for iTunes purchases and Apple ID. The extension of 2FA–which Apple calls two-step verification–to iCloud comes two weeks after...
Lock Screen Bypass Flaw Found in Samsung Androids
A vulnerability exists in Samsung devices running Android version 4.1.2 that could give unauthenticated users the ability to circumvent the screen lock and view the home screen, run apps, and reach out to contacts without successfully completing Android’s pattern lock, PIN, password or Face Unloc...
Researchers Bypass Google Two-Factor Authentication
For some time, attackers had the ability to bypass Google’s two-step authentication system through access to users’ app-specific passwords, giving them full access to victims’ Google accounts, including Gmail. The vulnerability that enables this attack, discovered by researchers from DuoSecurity,...