126 matches found
Authorization
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READPRIVILEGEDPHONESTATE permission...
CVE-2022-22272
CVE-2022-22272 affects TelephonyManager in Samsung/Android prior to the SMR Jan-2022 Release 1. The issue is improper authorization that allows an attacker to obtain the IMSI without READ_PRIVILEGED_PHONE_STATE permission. Root cause is insufficient access control in TelephonyManager’s handling o...
CVE-2022-22272
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READPRIVILEGEDPHONESTATE permission...
PT-2022-15318 · Unknown · Telephonymanager
Name of the Vulnerable Software and Affected Versions: TelephonyManager versions prior to SMR Jan-2022 Release 1 Description: The issue is related to improper authorization in TelephonyManager, allowing attackers to obtain the IMSI without the required READ PRIVILEGED PHONE STATE permission...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2022-08457)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in a component of Huawei HarmonyOS. An attacker can exploit the vulnerability to bypass the necessary privileges to gain acce...
CVE-2021-25451
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data...
Code injection
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data...
CVE-2021-25451
CVE-2021-25451 affects Android’s NetworkPolicyManagerService where a PendingIntent hijack can lead to exposure of IMSI data. The vulnerability is local, requiring user interaction, with a low-moderate CVSS (3.3 on 3.1, base score 3.3; confidentiality impact: Low). Root cause stated: manipulation ...
CVE-2021-25451
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data...
100m T-Mobile Customer Records Purportedly Up for Sale
A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases. The seller told Motherboard – which first reported...
Unspecified Vulnerability in Samsung SMR (CNVD-2021-45731)
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR APR-2021 Release 1, which can be exploited by a local attacker to access IMSI values via an untrusted application...
CVE-2021-25358
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...
CVE-2021-25358
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...
Input validation
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...
CVE-2021-25358
CVE-2021-25358 affects Samsung SMR (system patch package). Before SMR APR-2021 Release 1, IMSI values could be stored in an improper path, enabling local attackers to access IMSI values via untrusted applications. Vulnerability is localized to affected SMR components; root cause is improper stora...
CVE-2021-25358
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...
Samsung SMR 安全漏洞
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR APR-2021 Release 1, which can be exploited by a local attacker to access IMSI values via an untrusted application...
New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data
As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service DoS attacks to deprive subscribers of...
Baidu Mobile Apps in Google Play Leak Sensitive Data
Multiple Android mobile apps found in Google Play, including Baidu Search Box and Baidu Maps, were found by researchers to be leaking data that could be used to track users – even if they switch devices. The apps have each been downloaded millions of times, according to Palo Alto Unit 42...
IMSI-Catchers from Canada
Gizmodo is reporting that Harris Corp. is no longer selling Stingray IMSI-catchers and, presumably, its follow-on models Hailstorm and Crossbow to local governments: L3Harris Technologies, formerly known as the Harris Corporation, notified police agencies last year that it planned to discontinue...