23 matches found
CVE-2017-18670
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 software. android.intent.action.SIOPLEVELCHANGED allows a serializable intent reboot. The Samsung ID is SVE-2017-8363 (May 2017)...
CVE-2017-18664
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017)...
Twitter Fixes Bug that Enabled Takeover of Android App Accounts
Twitter for Android users are being urged to update their app to avoid a security bug that allows a malicious user to access private account data and could also allow an attacker to take control of accounts to send tweets and direct messages. The warning comes from Twitter who said there are no...
8sms (Stock Messaging, KitKat) - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application 8sms (Stock Messaging, KitKat) published at the 'play' market has multiple vulnerabilities...
Messaging kitkat 4.4 - Dynamic Code Loading, Exported ContentProvider, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Messaging kitkat 4.4 published at the 'play' market has multiple vulnerabilities...
Messaging Classic - 4.4 Kitkat - Exported ContentProvider, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Messaging Classic - 4.4 Kitkat published at the 'play' market has multiple vulnerabilities...
CVE-2016-4546
Samsung devices with Android KK4.4 or L5.0/5.1 allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call...
CVE-2016-4038
Array index error in the msmsensorconfig function in kernel/SM-G9008VCHNKKOpensource/Kernel/drivers/media/platform/msm/camerav2/sensor/msmsensor.c in Samsung devices with Android KK4.4 or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the...
CVE-2017-5351
Samsung Note devices with KK4.4, L5.0/5.1, and M6.0 software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650...
CVE-2016-9277
Integer overflow in SystemUI in KK4.4 and L5.0/5.1 on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906...
SDFix: KitKat Writable MicroSD - Possible privilege escalation, Runtime command execution vulnerabilities
HackApp vulnerability scanner discovered that application SDFix: KitKat Writable MicroSD published at the 'play' market has multiple vulnerabilities...
Fingerprint Lock KitKat prank - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fingerprint Lock KitKat prank published at the 'play' market has multiple vulnerabilities...
SMS Backup & Restore (Kitkat) - Exported components, External URLs, Possible privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application SMS Backup & Restore (Kitkat) published at the 'play' market has multiple vulnerabilities...
Google AOSP Email for Android open redirect vulnerability
The Google AOSP Email App is vulnerable to HTML Injection on the email body. It allows a remote attacker to be able to send a crafted email with a payload that redirects the user to a target url as soon as he opens the email. This issue is not related with the email provider configured on the app...
OpenSSLX509Certificate deserialization vulnerability (CVE-2015-3825) cause analysis - vulnerability warning - the black bar safety net
Serialization is the process of converting an object's state information into a form that can be stored or transmitted. During serialization, the object writes its current state to a temporary or persistent storage area. The user can pass from the storage area t...
Address-Spoofing Bug Haunts Android Stock Browser
There’s an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and develop...
Google Won't Patch WebView Prior to Android Jelly Bean
Hackers may have a perpetual shooting gallery of unpatched Android vulnerabilities at their disposal after it was disclosed today that Google no longer will provide WebView patches for older versions of its operating system. Researchers at Rapid7 have made mincemeat of WebView in Android Jelly...
Android "Fake ID" Vulnerability Allows Malware to Impersonate Trusted Apps
Because of its majority share of the mobile platform, Google’s Android operating system has been a prime target for cybercriminals, and a recently exposed weakness in the way the operating system handles certificate validation left millions of Android devices open to attack. Researchers at BlueBox security...
Patched Code-Execution Bug Affects Most Android Users
A serious code-execution vulnerability in Android 4.3 and earlier was patched in KitKat, the latest version of the operating system. Researchers at IBM this week disclosed the nature of the vulnerability, which was privately disclosed to the Android Security Team in September and patched last...
XDA Forum hackers again proof Sony Xperia Z2 UI-bug warning-the black bar safety net
Recently a senior XDA Developers forum member released several photos of a real Xperia Z2 online, showing the phone running Android 4.3 with a new UI; the phone was very unstable in use and the UI kept crashing. Today, the XDA member latest release of the Xperia Z2...