17 matches found
EUVD-2016-1326
Malware in sbrugna...
Amazon Halts Sale of Android Blu Phone Amid Spyware Concerns
Android phone maker Blu Products was dealt a blow Monday when Amazon said it would no longer sell its phones, citing security and privacy issues. The phone maker came under scrutiny last week by researchers at Kryptowire during a Black Hat session where they criticized the company for collecting...
CVE-2016-10138
An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...
Design/Logic Flaw
An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...
Design/Logic Flaw
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...
CVE-2016-10136
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10139
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...
CVE-2016-10137
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
Design/Logic Flaw
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10138
An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...
CVE-2016-10136
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10139
The CVE-2016-10139 issue affects BLU R1 HD devices running Shanghai Adups software. The com.adups.fota.sysoper app declares android:sharedUserId as android.uid.system, allowing it to run as the privileged system user and grant additional permissions not listed in its manifest. This enables access...
CVE-2016-10137
CVE-2016-10137 affects BLU R1 HD devices running Shanghai Adups software. The vulnerability arises from the com.adups.fota.sysoper app (package com.adups.fota.sysoper) exposing InfoProvider to any app on the device, coupled with android:sharedUserId set to android.uid.system, causing execution as...
CVE-2016-10137
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10139
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...
CVE-2016-10138
CVE-2016-10138 affects BLU Advance 5.0 and BLU R1 HD running Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and sets android:sharedUserId to android.uid.system, causing it to run as the system user. It exposes an exported broadcast receiver (com.adups.fota.sy...
CVE-2016-10136
CVE-2016-10136 affects BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper provider InfoProvider, in the com.adups.fota.sysoper app, sets android:sharedUserId to android.uid.system, enabling any app on the device to read, write, and delete files as the system user. This can...