Hackers Sign Android Malware Apps with Compromised Platform Certificates

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing...

Malicious Android application can crash the Nextcloud Android Client

None...

Design/Logic Flaw

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVE-2016-5299

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox 50...

CVE-2016-9061

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects...

CVE-2016-9061

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects...

UBUNTU-CVE-2016-8483

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android...

Mouabad Android Malware calling to Premium numbers; Generating revenue for its Master

None...

ArtIME Japanese Input vulnerable to information disclosure

Overview ArtIME Japanese Input contains an issue in the access permissions for the certain files. ArtIME Japanese Input is a Japanese Input Method Editor IME for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Buss...

Chrome for Android - Cookie theft from Chrome by malicious Android app

CVE Number: CVE-2012-4909 Title: Chrome for Android - Cookie theft from Chrome by malicious Android app Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Symbolic links can be...