550 matches found
Unpatched Android OS Flaw Allows Adversaries to Track User Location
A flaw in the Android mobile operating system could allow an attacker with physical proximity to a WiFi router to track the location of users within the router’s range. The issue CVE-2018-9581 allows information leakage stemming from inter-process communication. While applications on Android are...
Android 5.0 Battery Information Broadcast Information Disclosure
NOTE: This bug is part of a series of three related Android bugs with the same root cause: CVE-2018-9489, CVE-2018-9581 and CVE-2018-15835. A presentation covering all three bugs was given at BSides DE in the fall of 2018. SUMMARY System broadcasts by the Android operating system expose detailed...
Google Chrome IPC Pointer Information Disclosure Vulnerability
Google Chrome is a web browser developed by Google, and IPC is one of the inter-process communication components. A security vulnerability exists in IPC in versions of Google Chrome prior to 63.0.3239.84, which stems from an incorrect serialization operation performed by the program. The...
Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2018-18768)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), of which Binder is an inter-process communication (IPC) component. An elevation of privilege vulnerability exists in the Binder component in Android. An attacker can exploit this...
Mozilla: Compromised IPC child process can list local filenames
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...
Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07)
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...
UBUNTU-CVE-2018-5129
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...
CVE-2018-6057
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page...
KLA11204 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to cause denial of service or spoof user interface. Below is a complete list of vulnerabilities: 1. Incorrect processing of AppManifests can be exploited remotely to perfo...
IBM Client Application Access Elevation of Privilege Vulnerability
IBM Client Application Access and IBM Notes for Windows are both products of IBM Corporation. IBM Notes for Windows is a set of collaborative office software based on the Windows platform. IBM Client Application Access is a set of tools for accessing local applications based on the Windows platform...
chromium-browser: pointer information disclosure in ipc call
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page...
CVE-2017-12816
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC...
iOS Security Testing Framework: needle
iOS Security Testing Framework Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes...
UBUNTU-CVE-2017-7875
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free...
Google Android - Inter-process munmap in android.util.MemoryIntArray
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1001 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the Parcelable interface, it can be passed within a Parcel or a Bundle and...
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928 Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between...
needle - The iOS Security Testing Framework
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Description Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and...