EUVD-2020-1723

Malware in sbrugna...

Basecamp: Account takeover via insecure intent handling

The Basecamp app was vulnerable to account takeover due to insecure intent handling. A malicious app installed on the same device could obtain the user's Oauth2 token and take over their account...

Design/Logic Flaw

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...

CVE-2020-0219

In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081...

Design/Logic Flaw

In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081...

Vulnerabilities Identified in Dolphin, Mercury Android Browsers

Vulnerabilities exist in two fairly popular alternative browsers for Android – Dolphin and Mercury — that depending on the browser could result in either remote code execution or arbitrary read/write access. Mobile security researcher Benjamin Watson, who blogs under the guise of Rotlogix...