CVE-2018-15543
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...
CVE-2018-13446
An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...
Authentication flaw
DISPUTED An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode...
CVE-2018-12446
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...
MakeMyTrip 7.2.4 - Information Disclosure Vulnerability
Exploit for Android platform in category local exploits Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files Software Link: MakeMyTrip v7.2.4 Android Application Exploit Author: Divya Jain Version: 7.2.4 Android App CVE: CVE-2018-11242 Category: Mobileapps Tested on:...
Mobile malware evolution 2017
The year in figures In 2017, Kaspersky Lab detected the following: 5,730,916 malicious installation packages 94,368 mobile banking Trojans 544,107 mobile ransomware Trojans Trends of the year Rooting malware: no surrender For the last few years, rooting malware has been the biggest threat to...
Mobile Menace Monday: upping the ante on Adups
Adups is back on our radar. The same China-based company caught collecting an abundance of user data and creating a backdoor on mobile devices in 2016 has another malicious card to throw down. This time, it's an auto installer we detect as Android/PUP.Riskware.Autoins.Fota. We thought they cleane...
Google Detects Android Spyware That Spies On WhatsApp, Skype Calls
In an attempt to protect Android users from malware and shady apps, Google has been continuously working to detect and remove malicious apps from your devices using its newly launched Google Play Protect service. Google Play Protect—a security feature that uses machine learning and app usage...
Back to school cybersecurity tips for parents and kids
The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it's their kid's first time attending a new school. Ads for back-to-school gear start as early as July, increasing in frequency and urgency until the kiddos...
CopyCat Android Rooting Malware Infected 14 Million Devices
A newly uncovered malware strain has already infected more than 14 Million Android devices around the world, earning its operators approximately $1.5 Million in fake ad revenues in just two months. Dubbed CopyCat, the malware has capabilities to root infected devices, establish persistency, and...
Improper access control
On Lenovo VIBE mobile phones, improper access controls on the nacserver component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user commonly known as 'rooting' or "jail breaking" a device...
Local Root Exploit on Lenovo VIBE Mobile Phones - us
Lenovo Security Advisory: LEN-15823 Potential Impact: Elevation of Privilege Severity: Medium Scope of Impact: Lenovo specific CVE Identifier: CVE-2017-3748, CVE-2017-3749, CVE-2017-3750 Summary Description: Vulnerabilities have been identified on Lenovo VIBE Mobile Phones that allow the user or ...
Local Root Exploit on Lenovo VIBE Mobile Phones - Lenovo Support US
No description provided...
Google Removes Two Ztorg Trojans from Play Marketplace
Google, for the second time this month, has removed malicious apps from Google Play that could have laid the groundwork for an attacker to root infected devices. A researcher with Kaspersky Lab on Tuesday described how attackers managed to evade settings set in place by Google Play’s VerifyApps...
First Android-Rooting Trojan With Code Injection Ability Found On Google Play Store
A new Android-rooting malware with an ability to disable device's security settings in an effort to perform malicious tasks in the background has been detected on the official Play Store. What's interesting? The app was smart enough to fool Google security mechanism by first pretending itself to b...
Linux Kernel 3.11 < 4.8 0 - SO_SNDBUFFORCE & SO_RCVBUFFORCE Local Privilege Escalation Exploi
Exploit for linux platform in category local exploits // CAP_NET_ADMIN - root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // gcc...
Google just discovered a dangerous Android Spyware that went undetected for 3 Years
An Android version of one of the most sophisticated mobile spyware has been discovered that remained undetected for at least three years due to its smart self-destruction capabilities. Dubbed Chrysaor, the Android spyware has been used in targeted attacks against activists and journalists mostly ...
Verizon to pre-install a 'Spyware' app on its Android phones to collect user data
If the death of online privacy rules wasn't enough for Internet Service Providers and advertisers to celebrate, Verizon has planned to pre-install spyware on customers' Android devices in order to collect their personal data. The telecom giant has partnered with Evie Launcher to bring a new...
Google Android - get_user/put_user (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class MetasploitModule "Android get_user/put_user Exploit", 'Description' = %q This module exploits a missing check in the get_user and...