Leaks show Intellexa burning zero-days to keep Predator spyware running
Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator...
Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks
Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browser...
Mobile Browser Bugs Open Safari, Opera Users to Malware
A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns. The bugs, reported by Rapid7 and independent researcher Rafay Baloch, affect six browsers, ranging from the common Apple Safari, Opera...
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure publication with our longtime mobile hacker friend, Rafay Baloch. If you'd like to just jump straight to the technical details for these vulnerabilities, I invite you to read his paper here. If you want to know more about why this...
Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means,...
Multiple mobile browsers in China have information leakage vulnerabilities
A mobile browser is a mobile Internet tool that allows users to browse Internet content on a cell phone terminal over a wireless communication network. Information leakage vulnerabilities exist in several domestic cell phone browsers, which can be exploited by attackers to obtain sensitive...
Mail.ru: XSS in touch.mail.ru
Browser-specific, user-assisted DOM-based XSS in message editor undo functionality via quoted content. Vulnerability did not affect mobile browsers used by the majority of touch.mail.ru web interface users...
Browser Address Bar Spoofing Vulnerability Disclosed
Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar. While Mozilla said it has patched the flaw in the affected Android version of the Firefox browser, Google said Chrome will be fixed in an upcoming September...
Imgur: Attack User Privacy Settings - X-Frame-Options missing on m.imgur.com/user/username/settings
Hello, I would like to report that almost the entire mobile web site is vulnerable to clickjacking attacks. Maybe the most important critical part is the /settings node, as an attacker could force a user to change his privacy settings with only two clicks. Please see live video demonstration, of course...
CloudFlare Deploys ChaCha20-Poly1305 Encryption Across Sites
After rolling out free SSL for its users last fall, CloudFlare has deployed a new level of encryption on its service that hardens and speeds up the user experience, especially when accessing domains via mobile browsers. The form of encryption, a relatively new transport layer cipher suite known a...
Each of the large browser vendors in the mobile browser present the same security issues-vulnerability warning-the black bar safety net
Test are millet 2s mobile phone, the affected vendors + test version number (the latest version): Sogou browser myhack58: sogou mobile browser cross-domain scripting vulnerability, one of the Chat Hot Spring Resort browser series 9 9.5.1.79796 2 3 4 5 browser 5.6.2 Baidu hao123 Internet navigation...
Phabricator: Content Spoofing through URL
Hello, I hope this is up to the level you guys think of accepting reports. Specified content can be injected into the webpage as text using the URL. Consider this...
Cisco WebEx Sales Center Mobile Browser Open Redirect Vulnerability
A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to redirect mobile browsers to an attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...
Researchers Dump Trove of 0Days For Popular Android Applications
Researchers in China published a trove of information on previously unknown zero day vulnerabilities in popular applications for Google’s Android mobile operating system on Wednesday, including mobile browsers and at least one mobile wallet application. The vulnerabilities were found in a wide...
JVN#15243167 Problem with referer header handling on mobile phone web browsers
Impact Referer information may be unintendedly sent to a server under certain operating conditions. Solution Products Affected For more information, refer to the vendors' websites...