146 matches found
Patched Android Libutils Vulnerability Harkens Back to Stagefright
This week’s Android Security Bulletin patched a calamity of vulnerabilities that threatened almost every device in circulation and illustrated the fragility of the Android ecosystem. The bulletin addressed more than 50 vulnerabilities, including nine rated critical by Google because of the...
Google Shuts Down Potentially Massive Android Bug
The Android ecosystem may have dodged another Stagefright-type of vulnerability. Google’s monthly Android Security Bulletin released on Tuesday not only patched the remaining Quadrooter vulnerabilities, but also fixed another wide-ranging flaw that could allow an attacker to easily compromise—or ...
CVE-2016-3830
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service device hang or reboot via crafted ADTS data, aka internal bug 29153599...
CVE-2016-3827
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28816956...
How Bugs Lead to a Better Android
Google is used to taking a beating over Android vulnerabilities, but it says too often its hard work fixing vulnerabilities and keeping the platform safe goes unnoticed. “Over the seven years working on Android security vulnerabilities I’ve seen a lot of bugs and a lot of fear uncertainty and...
Apple's operating system exposed new vulnerabilities in addition to the latest version without immune-vulnerability warning-the black bar safety net
Security researchers recently discovered that Appleoperating systemthere is a huge security vulnerability. Hackers only need to know your phone number, you can use this security vulnerability to steal the user's password. ! IDG according to foreign media reports, security researchers recently...
UBUNTU-CVE-2016-2506
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...
Mozilla Firefox ESR 45.x < 45.1 Multiple Vulnerabilities
Binary data 9379.prm...
Google's Android Rewards Program Pays Out Half Million in First Year
Google wrapped up the first year of its Android Security Rewards program this week, a span of time that saw the company pay out just north of half a million dollars to security researchers who helped identify vulnerabilities in the mobile operating system. In all, the company paid 82 researchers ...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the libstagefright component in the Android operating system’s media server is related to the lack of checks on the size of OMX buffers for GSM and G711 decoders. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created...
UBUNTU-CVE-2016-2495
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service device hang or reboot via a crafted file, aka internal bug 28076789...
Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code
The vulnerability of the stagefright::SampleTable::parseSampleCencInfo function in the libstagefright component of Firefox and Firefox ESR browsers is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating CENC...
FCC, FTC Investigate Mobile Security Update Practices
The glowing lack of public, real-world Stagefright exploits didn’t stop the U.S. government from using last summer’s blockbuster Android vulnerability as an illustration of the dangers facing mobile device users. Under the context of Stagefright exposing up to 1 billion devices to attack, the...
FCC takes initiative to Speed Up Mobile Security Updates
In Brief The Smartphone users are fed up with slow security updates, so two United States federal agencies have launched an official inquiry to know how manufacturers and carriers deal with mobile phone security updates and what they are doing to roll out patches as quickly as possible. The...
UBUNTU-CVE-2016-2450
codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...
Google Patches More Trouble in Mediaserver
Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches...
DEBIAN-CVE-2016-2814
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to...
Firefox ESR 45.x < 45.1 Multiple Vulnerabilities
The version of Firefox ESR installed on the remote Windows host is 45.x prior to 45.1. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. CVE-2016-2806,...
Firefox ESR < 38.8 Multiple Vulnerabilities (Mac OS X)
The version of Firefox ESR installed on the remote Mac OS X host is prior to 38.8. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. CVE-2016-2805, CVE-2016-280...
Firefox ESR < 38.8 Multiple Vulnerabilities
The version of Firefox ESR installed on the remote Windows host is prior to 38.8. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. CVE-2016-2805, CVE-2016-2807...