CVE-2021-0686

In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction i...

EUVD-2021-3305

Malicious code in bioql PyPI...

CVE-2018-17387

CVE-2018-17387 affects Nimble Messaging Bulk SMS Marketing Application 1.0. The issue is a Cross-Site Request Forgery (CSRF) that enables adding an admin account. CVSS3 base score 8.8 (HIGH) with NETWORK attack vector, UI required, and HIGH impact on confidentiality, integrity, and availability. ...

Handcent Next SMS - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Handcent Next SMS published at the 'play' market has multiple vulnerabilities...

Color SMS Text Message Friends - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Color SMS Text Message Friends published at the 'play' market has multiple vulnerabilities...

'BadNews' Android Malware downloaded up to 9 million times

It appears as if another malware scare has come to Android. Lookout Security said on Friday that it has discovered a new family of malware called BadNews. Malware that avoided detection and made its way onto the Google Play store has been downloaded around 9 million times by users from all over t...

Researchers Find Bug in SMS App That Can Lead to iPhone Exploits

Researchers have identified a bug in an application that can enable attackers potentially to gain control of a victim’s iPhone. The app in question, TreasonSMS, enables users to send SMS messages from a desktop Web browser by using their iPhones as Web servers. The bug lies in the way that the...