878 matches found
CVE-2023-21390
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Privilege escalation
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Privilege escalation
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21393
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21393
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21393
CVE-2023-21393 is a local elevation of privilege in Android Settings caused by a missing permission check that could allow a user to change the SIM without interaction. Exploitation is described as local with no user interaction and the impact is elevated permissions with high confidentiality, in...
CVE-2023-21390
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21390
CVE-2023-21390 is described across multiple sources as a permission bypass in the Android environment related to a component labeled as Sim, allowing evasion of mobile-preference restrictions and enabling local privilege escalation without requiring extra execution privileges. Exploitation is rep...
CVE-2023-21390
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21373
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21373
CVE-2023-21373 affects Android Telephony: a missing permission check lets a guest user change the preferred SIM, enabling local elevation of privilege with no user interaction. Exploitation is local; impact is described as high (confidentiality, integrity, availability). No exploitation details i...
CVE-2023-21373
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-18168 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing permission check in the Settings application, allowing a user to change the SIM card. This could lead to local escalation of privilege without requirin...
PT-2023-18165 · Sim · Sim
Name of the Vulnerable Software and Affected Versions: Sim affected versions not specified Description: The issue is related to a permission bypass that allows evading mobile preference restrictions. This could lead to local escalation of privilege with no additional execution privileges needed...
PT-2023-18148 · Telephony · Telephony
Name of the Vulnerable Software and Affected Versions: Telephony affected versions not specified Description: The issue is related to a missing permission check, allowing a guest user to change the preferred SIM. This could lead to local escalation of privilege with no additional execution...
Octo Tempest cybercriminal group is “a growing concern”—Microsoft
Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally taki...
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financiall...
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...