A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking.
Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit, Yango Pro, Microsoft Edge, Xrecorder, and PowerDirector, are still vulnerable and can be hijacked to steal sensitive data, such as passwords, financial details, and e-mails.
The bug, tracked as [CVE-2020-8913](<https://nvd.nist.gov/vuln/detail/CVE-2020-8913>), is rated 8.8 out of 10.0 for severity and impacts Android's Play Core Library versions prior to [1.7.2](<https://developer.android.com/reference/com/google/android/play/core/release-notes#1-7-2>).
Although Google addressed the vulnerability in March, [new findings](<https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications>) from Check Point Research show that many third-party app developers are yet to integrate the new Play Core library into their apps to mitigate the threat fully.
"Unlike server-side vulnerabilities, where the vulnerability is patched completely once the patch is applied to the server, for client-side vulnerabilities, each developer needs to grab the latest version of the library and insert it into the application," the cybersecurity firm said in a report.
Play Core Library is a popular [Android library](<https://developer.android.com/guide/playcore>) that allows developers to manage the delivery of new feature modules effectively, trigger in-app updates at runtime, and download additional language packs.
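Because the fix only reaches users once each app is rebuilt against Play Core 1.7.2 or later, a developer's first check is the dependency declaration itself. The following is an added example, not tooling from Check Point, Oversecured or Google: it scans a Gradle build file for the `com.google.android.play:core` and `core-ktx` artifacts and flags any version below 1.7.2. The build file is constructed for the example; the treatment of pre-release suffixes as older than the matching final release is an assumption.

```python
"""Flag Play Core Library dependencies older than the 1.7.2 fix for CVE-2020-8913."""
import re
from typing import NamedTuple, Optional

# Maven coordinates of the Play Core Library (core-ktx is the Kotlin wrapper around core).
PLAY_CORE_ARTIFACTS = {"com.google.android.play:core", "com.google.android.play:core-ktx"}

# String form:  implementation 'group:artifact:version'  or  implementation("group:artifact:version")
DEP_RE = re.compile(
    r"""\w+\s*\(?\s*['"](?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<version>[\w.\-+${}]+)['"]"""
)
# Map form:  api group: 'group', name: 'artifact', version: 'version'
MAP_RE = re.compile(
    r"""group\s*:\s*['"](?P<group>[\w.\-]+)['"]\s*,\s*name\s*:\s*['"](?P<artifact>[\w.\-]+)['"]"""
    r"""\s*,\s*version\s*:\s*['"](?P<version>[\w.\-+${}]+)['"]"""
)


class Finding(NamedTuple):
    line_no: int
    coordinate: str
    version: str
    vulnerable: Optional[bool]  # None when the version is a Gradle variable we cannot resolve


def version_key(version: str):
    """Turn '1.6.5' into (1, 6, 5, 1) and '1.7.2-beta01' into (1, 7, 2, 0).
    Assumption: a pre-release (hyphen suffix) sorts below its final release.
    Build metadata after '+' is ignored; non-numeric pieces count as 0."""
    core, _, _build = version.partition("+")
    numeric, _, prerelease = core.partition("-")
    nums = [int(p) if p.isdigit() else 0 for p in numeric.split(".")]
    nums = (nums + [0, 0, 0])[:3]
    return (*nums, 0 if prerelease else 1)


FIXED_KEY = version_key("1.7.2")  # CVE-2020-8913 affects versions prior to 1.7.2


def is_vulnerable(version: str) -> Optional[bool]:
    """True if this Play Core version predates 1.7.2; None for an unresolved "$variable"."""
    if version.startswith("$"):
        return None
    return version_key(version) < FIXED_KEY


def scan_gradle(text: str):
    """Return one Finding per Play Core dependency line in a Gradle build file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = DEP_RE.search(line) or MAP_RE.search(line)
        if not m:
            continue
        coordinate = f"{m['group']}:{m['artifact']}"
        if coordinate in PLAY_CORE_ARTIFACTS:
            findings.append(Finding(line_no, coordinate, m["version"], is_vulnerable(m["version"])))
    return findings


# Constructed sample build file mixing fixed, vulnerable and unresolved declarations.
SAMPLE_BUILD_GRADLE = """\
dependencies {
    implementation 'androidx.appcompat:appcompat:1.2.0'
    implementation 'com.google.android.play:core:1.6.5'
    implementation("com.google.android.play:core-ktx:1.8.1")
    api group: 'com.google.android.play', name: 'core', version: '1.7.2'
    implementation "com.google.android.play:core:$playCoreVersion"
}
"""

if __name__ == "__main__":
    labels = {True: "VULNERABLE (< 1.7.2)", False: "ok", None: "unresolved variable, check manually"}
    for f in scan_gradle(SAMPLE_BUILD_GRADLE):
        print(f"line {f.line_no}: {f.coordinate}:{f.version} -> {labels[f.vulnerable]}")
```

A version that resolves to a Gradle variable or a version catalog entry is reported rather than guessed; resolve it from the catalog or `gradle dependencies` output before deciding the app is clean.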
First reported in late August by researchers at app security startup [Oversecured](<https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/>), the issue allows a threat actor to inject malicious executables into any app relying on the library, granting the attacker the same access to resources that the compromised application has.
The flaw stems from a path traversal vulnerability in the library that could be exploited to load and execute malicious code (e.g., an APK file) inside a target app and steal users' login details, passwords, financial details, and other sensitive information stored in it.
The consequences of successful exploitation of this flaw are enormous. It can be used to "inject code into banking applications to grab credentials, and at the same time have SMS permissions to steal the two-factor authentication (2FA) codes," grab messages from chat apps, spy on users' locations, and even gain access to corporate resources by tampering with enterprise apps.
According to Check Point Research, 13% of the Google Play applications it analyzed in September 2020 used the library, and 8% of those had a vulnerable version.
After the cybersecurity firm responsibly disclosed their findings, Viber, Meetup, and Booking.com updated their apps to the patched version of the library.
The researchers also demonstrated a proof-of-concept that used a vulnerable version of the Google Chrome app to siphon the bookmarks stored in the browser through a dedicated payload.
"We're estimating that hundreds of millions of Android users are at security risk," Check Point's Manager of Mobile Research, Aviran Hazum, said. "Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous, [and] the attack possibilities here are only limited by a threat actor's imagination."
**Update —** Following the publication of the story, Cisco, Grindr, and Moovit have updated their respective apps to address the issue.
"Cisco addressed this vulnerability in the latest version of Cisco Webex Teams, released in the Google Play Store on Dec 2, 2020," the company said in a statement to The Hacker News.
{"id": "THN:F6C172D8D2CB201F2747639A324D5365", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking", "description": "[](<https://thehackernews.com/images/-kRyDEVSv8sQ/X8ipwWTaqjI/AAAAAAAABIo/MZiXsLlJVDMJVDGYWO3Vhaz7VS79Ees5gCLcBGAsYHQ/s0/android-malware-hacking.jpg>)\n\nA number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking.\n\nMany popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit, Yango Pro, Microsoft Edge, Xrecorder, and PowerDirector, are still vulnerable and can be hijacked to steal sensitive data, such as passwords, financial details, and e-mails.\n\nThe bug, tracked as [CVE-2020-8913](<https://nvd.nist.gov/vuln/detail/CVE-2020-8913>), is rated 8.8 out of 10.0 for severity and impacts Android's Play Core Library versions prior to [1.7.2](<https://developer.android.com/reference/com/google/android/play/core/release-notes#1-7-2>).\n\nAlthough Google addressed the vulnerability in March, [new findings](<https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications>) from Check Point Research show that many third-party app developers are yet to integrate the new Play Core library into their apps to mitigate the threat fully.\n\n\"Unlike server-side vulnerabilities, where the vulnerability is patched completely once the patch is applied to the server, for client-side vulnerabilities, each developer needs to grab the latest version of the library and insert it into the application,\" the cybersecurity firm said in a report.\n\nPlay Core Library is a popular [Android library](<https://developer.android.com/guide/playcore>) that allows developers to manage the delivery of new feature modules effectively, trigger in-app updates at 
runtime, and download additional language packs.\n\nFirst reported in late August by researchers at app security startup [Oversecured](<https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/>), the issue allows a threat actor to inject malicious executables to any app relying on the library, thus granting the attacker full access to all the resources as that of the compromised application.\n\nThe flaw stems from a path traversal vulnerability in the library that could be exploited to load and execute malicious code (e.g., an APK file) onto a target app to steal users' login details, passwords, financial details, and other sensitive information stored in it.\n\nThe consequences of successful exploitation of this flaw are enormous. It can be used to \"inject code into banking applications to grab credentials, and at the same time have SMS permissions to steal the two-factor authentication (2FA) codes,\" grab messages from chat apps, spy on users' locations, and even gain access to corporate resources by tampering with enterprise apps.\n\nAccording to Check Point Research, of the 13% of Google Play applications analyzed in the month of September 2020, 8% of those apps had a vulnerable version.\n\n[](<https://thehackernews.com/images/-8MmNgelHaHc/X8iqBVAeonI/AAAAAAAABIw/83dkkJ4Qgyoes4TMI16V2tHmYv6uMfdawCLcBGAsYHQ/s0/apps-chart.jpg>)\n\nAfter the cybersecurity firm responsibly disclosed their findings, Viber, Meetup, and Booking.com updated their apps to the patched version of the library.\n\nThe researchers also demonstrated a proof-of-concept that used a vulnerable version of the Google Chrome app to siphon the bookmarks stored in the browser through a dedicated payload.\n\n\"We're estimating that hundreds of millions of Android users are at security risk,\" Check Point's Manager of Mobile Research, Aviran Hazum, said. 
\"Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous, [and] the attack possibilities here are only limited by a threat actor's imagination.\"\n\n**Update \u2014** Following the publication of the story, Cisco, Grindr, and Moovit have updated their respective apps to address the issue.\n\n\"Cisco addressed this vulnerability in the latest version of Cisco Webex Teams, released in the Google Play Store on Dec 2, 2020,\" the company said in a statement to The Hacker News.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2020-12-03T10:59:00", "modified": "2020-12-04T05:06:56", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html", 
"reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2020-8913"], "immutableFields": [], "lastseen": "2022-05-09T12:38:43", "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-8913"]}, {"type": "kitploit", "idList": ["KITPLOIT:249292095984323465"]}, {"type": "threatpost", "idList": ["THREATPOST:4633FBDFBBCB7E351875F001CDE3F5D6", "THREATPOST:AE8C2DF2B7905295285808EF622BB98B", "THREATPOST:C32795DB0AF64BA650F0E0EECFEDF94C", "THREATPOST:F1373033F32E19F9CBC71A49A31852D7", "THREATPOST:F4C7A23E0E9EE24012140A3F80FAF82A"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-8913"]}, {"type": "kitploit", "idList": ["KITPLOIT:249292095984323465"]}, {"type": "threatpost", "idList": ["THREATPOST:C32795DB0AF64BA650F0E0EECFEDF94C", "THREATPOST:F4C7A23E0E9EE24012140A3F80FAF82A"]}]}, "exploitation": null, "vulnersScore": -0.1}, "_state": {"dependencies": 1659890182, "score": 1659890495}, "_internal": {"score_hash": "cd597b84b38888215e3851ac85490353"}}
{"threatpost": [{"lastseen": "2020-12-04T15:11:22", "bulletinFamily": "info", "cvelist": ["CVE-2020-8913"], "description": "UPDATE\n\nResearchers are warning that several popular Google Play applications \u2013 including mobile browser app Edge \u2013 have yet to push out an important update addressing a high-severity vulnerability in the Google Play Core Library.\n\nThe vulnerability exists in Google Play Core Library, which is utilized by various popular applications like Google Chrome, Facebook and Instagram. This is essentially a gateway for interacting with Google Play services from within the application itself, allowing developers to carry out various processes like dynamic code loading, delivering locale-specific resources and interacting with Google Play\u2019s review mechanisms.\n\nThe vulnerability ([CVE-2020-8913](<https://nvd.nist.gov/vuln/detail/CVE-2020-8913>)) in the Google Play Core Library is a local, arbitrary code execution issue in the SplitCompat.install endpoint in of Android\u2019s Play Core Library (in versions prior to 1.7.2). The flaw, which ranks 8.8 out of 10 on the CVSS v3 scale, making it high severity, was previously disclosed in late August. Google patched the flaw on April 6. 
However, in a report issued Thursday by Check Point researchers warned that the patch still needs to be pushed out by developers for several applications \u2013 and potentially still impacts hundreds of millions of Android users.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cUnlike server-side vulnerabilities, where the vulnerability is patched completely once the patch is applied to the server, for client-side vulnerabilities, each developer needs to grab the latest version of the library and insert it into the application,\u201d said Aviran Hazum and Jonathan Shimonovich, security researchers with [Check Point Research on Thursday](<https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications>).\n\nIn fact, as of September, researchers had found that 13 percent of Google Play applications used the Google Play Core Library \u2013 and 8 percent of those apps had a vulnerable version. These included several popular apps, such as social app Viber, travel app Booking, business app Cisco Teams, navigation apps Yango Pro and Movit, dating apps Grindr, OKCupid and Bumble, mobile browser app Edge and utility apps Xrecorder and PowerDirector.\n\nSome have rolled patches, including, as of Dec. 4, Bumble. And, as of Dec. 2, Cisco has also addressed this vulnerability in the latest version of Cisco Webex Teams, released in the Google Play Store, a Cisco spokesperson told Threatpost.\n\n\u201cPrior to this publication, we have notified all apps about the vulnerability and the need to update the version of the library, in order not to be affected,\u201d said researchers. \u201cFurther tests show Viber and Booking updated to the patched versions after our notification.\u201d\n\n## **The Flaw**\n\nIn order to exploit the flaw, an attacker would need to convince a victim to install malicious application. 
The malicious app would then exploit one of the applications with a vulnerable version of the Google Play Core Library. The library handles the payload, loads it and executes the attack; the payload can then access all of the resources available in the hosting application.\n\nThis flaw \u201cis extremely easy to exploit,\u201d said researchers. \u201cAll you need to do is to create a \u2018hello world\u2019 application that calls the exported intent in the vulnerable app to push a file into the verified files folder with the file-traversal path. Then sit back and watch the magic happen.\u201d\n\nMeanwhile, the potential impact of an exploit could be serious, researchers said. If a malicious application exploits this vulnerability, it can execute code inside popular applications and have the same access as the vulnerable application, they warned. That could create a number of malicious situations, including attackers injecting code into banking applications to steal credentials and steal two-factor authentication (2FA) codes, injecting code into enterprise applications to access sensitive corporate resources, or injecting code into instant-messaging apps to view \u2013 and even send \u2013 messages on the victim\u2019s behalf.\n\nResearchers said they reached out to Google with their findings. Google responded in a statement: \u201cThe relevant vulnerability CVE-2020-8913 does not exist in up-to-date Play Core versions.\u201d Application developers are urged to update to Android\u2019s Play Core Library version 1.7.2.\n\n_This article was updated on Dec. 3 at 1 p.m. ET to reflect that Cisco has updated its Android app to address the flaw; and on Dec. 4 at 10 a.m. 
ET to reflect that Bumble has patched the problem._\n\n**_Put Ransomware on the Run: Save your spot for \u201cWhat\u2019s Next for Ransomware,\u201d a _**[**_FREE Threatpost webinar_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ on Dec. 16 at 2 p.m. ET. Find out what\u2019s coming in the ransomware world and how to fight back. _**\n\n**_Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, and other security experts, on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. _**[**_Register here_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ for the Wed., Dec. 16 for this LIVE webinar._**\n", "modified": "2020-12-03T11:00:10", "published": "2020-12-03T11:00:10", "id": "THREATPOST:F4C7A23E0E9EE24012140A3F80FAF82A", "href": "https://threatpost.com/google-play-apps-remain-vulnerable-to-high-severity-flaw/161785/", "type": "threatpost", "title": "Google Play Apps Remain Vulnerable to High-Severity Flaw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-03T13:54:03", "description": "Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within a nearby vicinity. 
The hack could of been preformed over the air without even interacting with the victim\u2019s device.\n\nBeer said he spent six months figuring out the \u201cwormable radio-proximity exploit\u201d during a time when quarantines due to the COVID-19 virus were in effect and he was \u201clocked down in the corner\u201d of his bedroom. On Tuesday he published a [blog post](<https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html>) detailing his discovery and the hack.\n\nSpecifically, he was able to remotely trigger an unauthenticated kernel memory corruption vulnerability that causes all iOS devices in radio-proximity to reboot, with no user interaction. \n[](<https://threatpost.com/newsletter-sign/>) \nThe issue existed because of a protocol in contemporary iPhone, iPad, Macs and Apple Watches called Apple Wireless Direct Link (AWDL), Beer explained in his post. This protocol creates mesh networks for features such as AirDrop and Sidecar so these devices can connect and serve their appointed function\u2013such as beam photos and files to other iOS devices, in the case of AirDrop.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/09015258/Ian-Beer.jpg>)\n\nFile Photo: Ian Beer speaking at the 2018 Black Hat USA security conference.\n\n\u201cChances are that if you own an Apple device you\u2019re creating or connecting to these transient mesh networks multiple times a day without even realizing it,\u201d Beer noted in his post.\n\nApple patched the bug responsible for the exploit in May with [updates](<https://support.apple.com/en-us/HT211176>) iOS 12.4.7 and watchOS 5.3.7, and tracked it as [CVE-2020-3843](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3843>) in supporting documentation.\n\nUntil then, however, the bug could have allowed someone to \u201cview all the photos, read all the email, copy all the private messages and monitor everything which happens on [an iPhone] in real-time\u201d without 
clicking on anything, Beer said. The hack would only work with devices within WiFi range, he said.\n\nBeer detailed three different exploits\u2014the most advanced of which that ultimately performed all of these functions\u2013using a Raspberry Pi and WiFi adapters that he purchased off the shelf. Installing a prototype implant that can fully access the device took Beer about two minutes, but he said he could have likely pulled it off in a \u201chandful of seconds\u201d with a better exploit.\n\nThe researcher acknowledged that he never saw an evidence of the vulnerability being exploited in the wild. Moreover, since it took him six months to figure out the hack, it\u2019s likely it existed unnoticed by threat actors.\n\nHowever, just because it was not exploited and is fixed now does not trivialize its existence, Beer observed.\n\n\u201cOne person working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they\u2019d come into close contact with,\u201d he said in his post. \u201cImagine the sense of power an attacker with such a capability must feel. As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.\u201d\n\nBeer also noted the range of such attacks also could easily have been boosted using directional antennas, higher transmission powers and sensitive receivers.\n\nResearchers from Google Project Zero [have traditionally been adept](<https://threatpost.com/apple-macos-flaw/142443/>) at [finding flaws](<https://threatpost.com/unpatched-apple-vulnerabilities-latest-google-project-zero-disclosures/110605/>) in Apple products, but lately they have been particularly active in [pointing out](<https://threatpost.com/apple-bug-code-execution-iphone/159332/>) issues that exist in their key rival\u2019s devices. 
Prior to Beer\u2019s last disclosure, Project Zero researchers identified [three zero-day vulnerabilities](<https://threatpost.com/apple-patches-bugs-zero-days/161010/>) in only the last month that affected iOS and iPad, all of which Apple has patched.\n\n**_Put Ransomware on the Run: Save your spot for \u201cWhat\u2019s Next for Ransomware,\u201d a _**[**_FREE Threatpost webinar_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ on Dec. 16 at 2 p.m. ET. Find out what\u2019s coming in the ransomware world and how to fight back. _**\n\n**_Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, and other security experts, on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. _**[**_Register here_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ for the Wed., Dec. 16 for this LIVE webinar._**\n", "cvss3": {}, "published": "2020-12-02T13:52:19", "type": "threatpost", "title": "iPhone Bug Allowed for Complete Device Takeover Over the Air", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-3843", "CVE-2020-8913"], "modified": "2020-12-02T13:52:19", "id": "THREATPOST:C32795DB0AF64BA650F0E0EECFEDF94C", "href": "https://threatpost.com/iphone-bug-takeover-over-the-air/161748/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T22:59:24", "description": "Google patched ten critical bugs as part of its [December Android Security Bulletin](<https://source.android.com/security/bulletin/2020-12-01#asterisk>). 
The worst of the bugs was tied to the Android media framework component and gives attacker remote control of vulnerable handsets.\n\nGoogle did not reveal the technical specifics of the critical flaw, tracked as CVE-2020-0458, and will likely not until a majority of handsets are patched. The other nine critical bugs plugged this month by Google are tied to the underlying Qualcomm chipsets and accompanying firmware, common on most Android phones.\n\nThe critical Qualcomm bugs fixed were each rated 9.8 out of 10 in severity, using the[ standard CVSS score](<https://www.imperva.com/learn/application-security/cve-cvss-vulnerability/>). Eight of these flaws were tied to the vendor\u2019s subsystem software that controls audio. Another bug, tracked as [CVE-2020-11225](<https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin#_cve-2020-11225>), is tied to the Qualcomm Wi-Fi radio\u2019s WLAN host communication component. \n[](<https://threatpost.com/newsletter-sign/>)Bug descriptions are available via Qualcomm\u2019s own [December 2020 Security Bulletin](<https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin>), posted Monday. Several of these critical flaws were identified as buffer-overflow bugs and buffer over-read vulnerabilities.\n\nOne the audio flaws, tracked as CVE-2020-11137, is identified as a \u201cbuffer over-read issue in audio\u201d that could be exploited remotely, according to Qualcomm. It wrote, an attacker can create conditions for an \u201cinteger multiplication overflow resulting in lower buffer size allocation than expected [which] causes memory access out of bounds resulting in possible device instability.\u201d\n\nThe Wi-Fi bug is triggered when the chip is forced to \u201cbuffer copy without checking size of input in WLAN\u201d. The result are conditions ripe of a \u201cclassic buffer overflow\u201d attack. 
This type of attack occurs when an adversary floods a program too much data. \u201cThe excess data corrupts nearby space in memory. If attackers know the memory layout of a program, they can intentionally feed input that the buffer cannot store, and overwrite areas that hold executable code, replacing it with their own code,\u201d [describes Imperva](<https://www.imperva.com/learn/application-security/buffer-overflow/>).\n\nQualcomm credited a number of researchers for discovering vulnerabilities including Haikuo Xie of Huawei Security and Ying Wang of Baidu Security Lab and Jun Yao (\u59da\u4fca) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud. Other credited bug hunters included Ben Hawkes of Google Project Zero and researcher Nick Landers. \n**_Put Ransomware on the Run: Save your spot for \u201cWhat\u2019s Next for Ransomware,\u201d a _**[**_FREE Threatpost webinar_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ on Dec. 16 at 2 p.m. ET. Find out what\u2019s coming in the ransomware world and how to fight back. _**\n\n**_Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, and Israel Barak, CISO at Cybereason, on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. _**[**_Register here_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ for the Wed., Dec. 
16 for this LIVE webinar._**\n", "cvss3": {}, "published": "2020-12-08T22:52:24", "type": "threatpost", "title": "Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-0458", "CVE-2020-11137", "CVE-2020-11225", "CVE-2020-8913"], "modified": "2020-12-08T22:52:24", "id": "THREATPOST:F1373033F32E19F9CBC71A49A31852D7", "href": "https://threatpost.com/google-patches-critical-wi-fi-and-audio-bugs-in-android-handsets/162060/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T20:30:04", "description": "Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. If exploited, the serious vulnerabilities could lead to arbitrary code execution.\n\nOverall, Adobe issued patches for flaws tied to one important-rated and three critical-severity CVEs, during its regularly scheduled December security updates. The updates follow the company\u2019s November patches, where the [company fixed critical-severity flaws](<https://threatpost.com/adobe-windows-macos-critical-acrobat-reader-flaws/160903/>) tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services; all of which could be exploited to execute arbitrary code on affected products.\n\n\u201cAdobe is not aware of any exploits in the wild for any of the issues addressed in these updates,\u201d according to Adobe\u2019s Tuesday security update.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThis month\u2019s Adobe patch roundup included a critical cross-site scripting (XSS) [vulnerability in Adobe Experience](<https://helpx.adobe.com/security/products/experience-manager/apsb20-72.html>) Manager (AEM), the company\u2019s content-management solution for building websites, mobile apps and forms. 
If exploited, the vulnerability (CVE-2020-24445) could allow a bad actor to execute arbitrary JavaScript on the victim\u2019s browser.\n\nAEM CS, AEM 6.5.6.0 and earlier, AEM 6.4.8.2 and earlier and AEM 6.3.3.8 and earlier are affected; AEM users can update to the fixed AEM versions, below. The update is a \u201cpriority 2\u201d which according to Adobe resolves flaws in a product that \u201chas historically been at elevated risk\u201d \u2013 but for which there are currently no known exploits.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/12/08110822/adobe-updates.png>)\n\nAEM Fixed Versions. Credit: Adobe\n\nAn important-severity flaw also exists in AEM (CVE-2020-24444), which stems from blind server-side request forgery (SSRF). Blind SSRF occurs when an application can be manipulated to issue a back-end HTTP request to a supplied URL, but the response from the back-end request is not returned in the application\u2019s front-end response. This issue can result in sensitive data disclosure, according to Adobe.\n\nAdobe also addressed a critical vulnerability in its Lightroom Classic for Windows and macOS, which if exploited could enable arbitrary code execution in the context of the current user. Lightroom Classic is Adobe\u2019s desktop application enabling photo editing.\n\nThe flaw stems from an [uncontrolled search path element in Lightroom Classic](<https://helpx.adobe.com/security/products/lightroom/apsb20-74.html>), version 10.0 and earlier of Windows. An [uncontrolled search path is a weakness](<https://threatpost.com/adobe-critical-code-execution-bugs/160369/>) that occurs when applications use fixed search paths to find resources \u2013 but one or more locations of the path are under control of malicious user. In the case of this flaw (CVE-2020-24447) in Lightroom Classic, the issue could enable arbitrary code execution.\n\nAdobe urged Lightroom Classic users on the Windows and MacOS platforms to update to version 10.1. 
The update is a \u201cpriority 3\u201d update, meaning it exists in a product that \u201chas historically not been a target for attackers,\u201d according to Adobe.\n\n\u201cAdobe recommends administrators install the update at their discretion,\u201d according to the advisory.\n\nA final critical vulnerability was patched in Adobe Prelude, Adobe\u2019s logging tool for tagging media with metadata for searching, post-production workflows and footage lifecycle management. This vulnerability is another uncontrolled search path (CVE-2020-24440) that affects Adobe Prelude version 9.0.1 and earlier for Windows. If exploited, the flaw could enable arbitrary code execution.\n\nUsers are urged to update to Adobe Prelude version 9.0.2 for Windows and macOS, which Adobe also rates as a \u201cpriority 3\u201d update.\n\nAdobe Systems has dealt with various security issues over the past few months. In October, after [warning of a critical vulnerability](<https://threatpost.com/flash-player-flaw-adobe-rce/160034/>) in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems, Adobe [released 18 out-of-band security patches](<https://threatpost.com/adobe-critical-code-execution-bugs/160369/>) in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest.\n", "cvss3": {}, "published": "2020-12-08T16:36:45", "type": "threatpost", "title": "Adobe Warns Windows, macOS Users of Critical-Severity Flaws", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24440", "CVE-2020-24444", "CVE-2020-24445", "CVE-2020-24447", "CVE-2020-8913"], "modified": "2020-12-08T16:36:45", "id": "THREATPOST:4633FBDFBBCB7E351875F001CDE3F5D6", "href": "https://threatpost.com/adobe-windows-macos-critical-severity-flaws/162007/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2020-12-07T21:40:54", "description": "QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage (NAS) devices. If exploited, the most severe of the flaws could allow attackers to remotely take over NAS devices.\n\nNAS devices are systems that consist of one or more hard drives that are constantly connected to the internet \u2013 acting as a backup \u201chub\u201d or storage unit that stores all important files and media such as photos, videos and music. Overall, QNAP on Monday issued patches for cross-site scripting (XSS) flaws tied to six CVEs.\n\nFour of these vulnerabilities stem from an XSS issue that affects [earlier versions of QTS and QuTS hero](<https://www.qnap.com/en-us/security-advisory/qsa-20-12>). 
QTS is the operating system for NAS systems, while QuTS hero is an operating system that combines the app-based QTS with a 128-bit ZFS file system to provide more storage management.\n\nTwo of these XSS flaws (CVE-2020-2495 and CVE-2020-2496) could allow remote attackers to inject malicious code into File Station. File Station is a built-in QTS app that allows users to manage files stored on their QNAP NAS systems.\n\nAnother flaw (CVE-2020-2497) can enable remote attackers to inject malicious code into System Connection Logs, while the fourth flaw (CVE-2020-2498) allows attackers to remotely inject malicious code into the certificate configuration.\n\nQNAP said \u201cwe strongly recommend updating your system to the latest version\u201d of QTS and QuTS hero: QuTS hero h4.5.1.1472 build 20201031 and later, QTS 4.5.1.1456 build 20201015 and later, QTS 4.4.3.1354 build 20200702 and later, QTS 4.3.6.1333 build 20200608 and later, QTS 4.3.4.1368 build 20200703 and later, QTS 4.3.3.1315 build 20200611 and later; and QTS 4.2.6 build 20200611 and later.\n\nUsers can do so by logging onto QTS or QuTS hero as an administrator, going to Control Panel > System > Firmware Update and clicking Check for Updating under \u201cLive Update.\u201d\n\nAnother high-severity XSS vulnerability (CVE-2020-2491) exists [in the Photo Station feature](<https://www.qnap.com/en-us/security-advisory/qsa-20-15>) of QNAP NAS systems, which enables remote photo management. 
The flaw allows attackers to remotely inject malicious code.\n\nAccording to QNAP, it has been fixed in the following versions of the QTS operating system: QTS 4.5.1 (Photo Station 6.0.12 and later); QTS 4.4.3 (Photo Station 6.0.12 and later); QTS 4.3.6 (Photo Station 5.7.12 and later); QTS 4.3.4 (Photo Station 5.7.13 and later); QTS 4.3.3 (Photo Station 5.4.10 and later) and QTS 4.2.6 (Photo Station 5.2.11 and later).\n\nThe final XSS flaw (CVE-2020-2493) [exists in the Multimedia Console](<https://www.qnap.com/en-us/security-advisory/qsa-20-14>) of QNAP NAS systems, and allows remote attackers to inject malicious code. The Multimedia Console feature enables indexing, transcoding, thumbnail generation and content management so users can manage multimedia apps and services more efficiently.\n\n\u201cWe have already fixed this vulnerability in Multimedia Console 1.1.5 and later,\u201d said QNAP in its advisory.\n\nQNAP hardware is no stranger to being targeted by attackers. Last year, attackers crafted malware [specifically designed to target NAS devices](<https://threatpost.com/malware-targets-qnap-hardware/149796/>). Also in July 2019, researchers highlighted an [unusual Linux ransomware, called QNAPCrypt, which targeted QNAP NAS servers](<https://threatpost.com/linux-ransomware-nas-servers/146441/>). Researchers have also previously found [multiple bugs in QNAP\u2019s Q\u2019Center Web Console](<https://threatpost.com/multiple-bugs-found-in-qnap-qcenter-web-console/133884/>); and in 2014, a worm exploiting the Bash vulnerability in QNAP network attached storage [devices was also discovered](<https://threatpost.com/shellshock-worm-exploiting-unpatched-qnap-nas-devices/109870/>).\n", "cvss3": {}, "published": "2020-12-07T16:15:48", "type": "threatpost", "title": "QNAP High-Severity Flaws Plague NAS Systems", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-2491", "CVE-2020-2493", "CVE-2020-2495", "CVE-2020-2496", "CVE-2020-2497", "CVE-2020-2498", "CVE-2020-8913"], "modified": "2020-12-07T16:15:48", "id": "THREATPOST:AE8C2DF2B7905295285808EF622BB98B", "href": "https://threatpost.com/qnap-flaws-plague-nas-systems/161924/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], 
"cve": [{"lastseen": "2022-03-23T19:03:35", "description": "A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. 
We recommend all users update Play Core to version 1.7.2 or later.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-08-12T07:15:00", "type": "cve", "title": "CVE-2020-8913", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8913"], "modified": "2020-08-31T18:15:00", "cpe": [], "id": "CVE-2020-8913", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8913", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "kitploit": [{"lastseen": "2022-04-07T12:02:30", "description": "[](<https://1.bp.blogspot.com/-kNQtiqIYpbU/X5eREKBi3EI/AAAAAAAAUL0/fFWLXq5zsHYXvokqmKdj49jLsdBiSH8gQCNcBGAsYHQ/s1590/awesome-android-security_2_androidsec.png>)\n\n \n\n\nA curated list of Android Security materials and resources For Pentesters and Bug Hunters.\n\n \n\n\n**Blog** \n\n\n * [AAPG - Android application penetration testing guide](<https://nightowl131.github.io/AAPG/> \"AAPG - Android application penetration testing guide\" )\n * [TikTok: three persistent arbitrary code executions and one theft of arbitrary 
files](<https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/> \"TikTok: three persistent arbitrary code executions and one theft of arbitrary files\" )\n * [Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913](<https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/> \"Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913\" )\n * [Android: Access to app protected components](<https://blog.oversecured.com/Android-Access-to-app-protected-components/> \"Android: Access to app protected components\" )\n * [Android: arbitrary code execution via third-party package contexts](<https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/> \"Android: arbitrary code execution via third-party package contexts\" )\n * [Android Pentesting Labs - Step by Step guide for beginners](<https://medium.com/bugbountywriteup/android-pentesting-lab-4a6fe1a1d2e0> \"Android Pentesting Labs - Step by Step guide for beginners\" )\n * [An Android Hacking Primer](<https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0> \"An Android Hacking Primer\" )\n * [An Android Security tips](<https://developer.android.com/training/articles/security-tips> \"An Android Security tips\" )\n * [OWASP Mobile Security Testing Guide](<https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide> \"OWASP Mobile Security Testing Guide\" )\n * [Security Testing for Android Cross Platform Application](<https://3xpl01tc0d3r.blogspot.com/2019/09/security-testing-for-android-app-part1.html> \"Security Testing for Android Cross Platform Application\" )\n * [Dive deep into ](<https://blog.0daylabs.com/2019/09/18/deep-dive-into-Android-security/> \"Dive deep into\" )[Android 
Application](<https://www.kitploit.com/search/label/Android%20Application> \"Android Application\" ) Security\n * [Pentesting Android Apps Using Frida](<https://www.notsosecure.com/pentesting-android-apps-using-frida/> \"Pentesting Android Apps Using Frida\" )\n * [Mobile Security Testing Guide](<https://mobile-security.gitbook.io/mobile-security-testing-guide/> \"Mobile Security Testing Guide\" )\n * [Android Applications Reversing 101](<https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit> \"Android Applications Reversing 101\" )\n * [Android Security Guidelines](<https://developer.box.com/en/guides/security/> \"Android Security Guidelines\" )\n * [Android WebView Vulnerabilities](<https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/> \"Android WebView Vulnerabilities\" )\n * [OWASP Mobile Top 10](<https://www.owasp.org/index.php/OWASP_Mobile_Top_10> \"OWASP Mobile Top 10\" )\n * [Practical Android Phone Forensics](<https://resources.infosecinstitute.com/practical-android-phone-forensics/> \"Practical Android Phone Forensics\" )\n * [Mobile Pentesting With Frida](<https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view> \"Mobile Pentesting With Frida\" )\n * [Zero to Hero - Mobile Application Testing - Android Platform](<https://nileshsapariya.blogspot.com/2016/11/zero-to-hero-mobile-application-testing.html> \"Zero to Hero - Mobile Application Testing - Android Platform\" )\n \n**How To's** \n\n\n * [How To Configuring Burp Suite With Android Nougat](<https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/> \"How To Configuring Burp Suite With Android Nougat\" )\n * [How To Bypassing Xamarin Certificate Pinning](<https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/> \"How To Bypassing Xamarin Certificate Pinning\" )\n * [How To Bypassing Android Anti-Emulation](<https://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-I/> \"How To 
Bypassing Android Anti-Emulation\" )\n * [How To Secure an Android Device](<https://source.android.com/security> \"How To Secure an Android Device\" )\n * [Android Root Detection Bypass Using Objection and Frida Scripts](<https://medium.com/@GowthamR1/android-root-detection-bypass-using-objection-and-frida-scripts-d681d30659a7> \"Android Root Detection Bypass Using Objection and Frida Scripts\" )\n * [Root Detection Bypass By Manual Code Manipulation.](<https://medium.com/@sarang6489/root-detection-bypass-by-manual-code-manipulation-5478858f4ad1> \"Root Detection Bypass By Manual Code Manipulation.\" )\n * [Magisk Systemless Root - Detection and Remediation](<https://www.mobileiron.com/en/blog/magisk-android-rooting> \"Magisk Systemless Root - Detection and Remediation\" )\n * [How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8](<https://github.com/Magpol/fridafde> \"How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8\" )\n \n**Paper** \n\n\n * [AndrODet: An adaptive Android obfuscation detector](<https://arxiv.org/pdf/1910.06192.pdf> \"AndrODet: An adaptive Android obfuscation detector\" )\n * [GEOST BOTNET - the discovery story of a new Android banking trojan](<http://public.avast.com/research/VB2019-Garcia-etal.pdf> \"GEOST BOTNET - the discovery story of a new Android banking trojan\" )\n \n**Books** \n\n\n * [SEI CERT Android Secure Coding Standard](<https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard> \"SEI CERT Android Secure Coding Standard\" )\n * [Android Security Internals](<https://www.oreilly.com/library/view/android-security-internals/9781457185496/> \"Android Security Internals\" )\n * [Android Cookbook](<https://androidcookbook.com/> \"Android Cookbook\" )\n * [Android Hacker's Handbook](<https://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X> \"Android Hacker's Handbook\" )\n * [Android 
Security Cookbook](<https://www.packtpub.com/in/application-development/android-security-cookbook> \"Android Security Cookbook\" )\n * [The Mobile Application Hacker's Handbook](<https://www.amazon.in/Mobile-Application-Hackers-Handbook-ebook/dp/B00TSA6KLG> \"The Mobile Application Hacker's Handbook\" )\n * [Android Malware and Analysis](<https://www.oreilly.com/library/view/android-malware-and/9781482252200/> \"Android Malware and Analysis\" )\n * [Android Security: Attacks and Defenses](<https://www.crcpress.com/Android-Security-Attacks-and-Defenses/Misra-Dubey/p/book/9780367380182> \"Android Security: Attacks and Defenses\" )\n * [Learning ](<https://www.amazon.com/Learning-Penetration-Testing-Android-Devices-ebook/dp/B077L7SNG8> \"Learning\" )[Penetration Testing](<https://www.kitploit.com/search/label/Penetration%20Testing> \"Penetration Testing\" ) For Android Devices\n \n**Course** \n\n\n * [Learning-Android-Security](<https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html> \"Learning-Android-Security\" )\n * [Mobile Application Security and Penetration Testing](<https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/> \"Mobile Application Security and Penetration Testing\" )\n * [Advanced Android Development](<https://developer.android.com/courses/advanced-training/overview> \"Advanced Android Development\" )\n * [Learn the art of mobile app development](<https://www.edx.org/professional-certificate/harvardx-computer-science-and-mobile-apps> \"Learn the art of mobile app development\" )\n * [Learning Android Malware Analysis](<https://www.linkedin.com/learning/learning-android-malware-analysis> \"Learning Android Malware Analysis\" )\n * [Android App Reverse Engineering 101](<https://maddiestone.github.io/AndroidAppRE/> \"Android App Reverse Engineering 101\" )\n * [MASPT V2](<https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/> \"MASPT V2\" )\n * [Android 
Penetration Testing (Persian)](<https://www.youtube.com/watch?v=XqS_bA6XfNU&list=PLvVo-xqnJCI7rftDaiEtWFLXlkxN-1Nxn> \"Android Penetration Testing \\(Persian\\)\" )\n \n**Tools** \n \n**Static Analysis** \n\n\n * [Apktool: A tool for reverse engineering Android apk files](<https://ibotpeaches.github.io/Apktool/> \"Apktool: A tool for reverse engineering Android apk files\" )\n\n * [quark-engine - An Obfuscation-Neglect Android Malware Scoring System](<https://github.com/quark-engine/quark-engine> \"quark-engine - An Obfuscation-Neglect Android Malware Scoring System\" )\n\n * [DeGuard: Statistical Deobfuscation for Android](<http://apk-deguard.com/> \"DeGuard: Statistical Deobfuscation for Android\" )\n\n * [jadx - Dex to Java decompiler](<https://github.com/skylot/jadx/releases> \"jadx - Dex to Java decompiler\" )\n\n * [Amandroid \u2013 A Static Analysis Framework](<http://pag.arguslab.org/argus-saf> \"Amandroid \u2013 A Static Analysis Framework\" )\n\n * [Androwarn \u2013 Yet Another Static Code Analyzer](<https://github.com/maaaaz/androwarn/> \"Androwarn \u2013 Yet Another Static Code Analyzer\" )\n\n * [Droid Hunter \u2013 Android application ](<https://github.com/hahwul/droid-hunter> \"Droid Hunter \u2013 Android application\" )[vulnerability analysis](<https://www.kitploit.com/search/label/Vulnerability%20Analysis> \"vulnerability analysis\" ) and Android pentest tool\n\n * [Error Prone \u2013 Static Analysis Tool](<https://github.com/google/error-prone> \"Error Prone \u2013 Static Analysis Tool\" )\n\n * [Findbugs \u2013 Find Bugs in Java Programs](<http://findbugs.sourceforge.net/downloads.html> \"Findbugs \u2013 Find Bugs in Java Programs\" )\n\n * [Find Security Bugs \u2013 A SpotBugs plugin for security audits of Java web applications.](<https://github.com/find-sec-bugs/find-sec-bugs/> \"Find Security Bugs \u2013 A SpotBugs plugin for security audits of Java web applications.\" )\n\n * [Flow Droid \u2013 Static Data Flow 
Tracker](<https://github.com/secure-software-engineering/FlowDroid> \"Flow Droid \u2013 Static Data Flow Tracker\" )\n\n * [Smali/Baksmali \u2013 Assembler/Disassembler for the dex format](<https://github.com/JesusFreke/smali> \"Smali/Baksmali \u2013 Assembler/Disassembler for the dex format\" )\n\n * [Smali-CFGs \u2013 Smali Control Flow Graph\u2019s](<https://github.com/EugenioDelfa/Smali-CFGs> \"Smali-CFGs \u2013 Smali Control Flow Graph\u2019s\" )\n\n * [SPARTA \u2013 Static Program Analysis for Reliable Trusted Apps](<https://www.cs.washington.edu/sparta> \"SPARTA \u2013 Static Program Analysis for Reliable Trusted Apps\" )\n\n * [Gradle Static Analysis Plugin](<https://github.com/novoda/gradle-static-analysis-plugin> \"Gradle Static Analysis Plugin\" )\n\n * [Checkstyle \u2013 A tool for checking Java source code](<https://github.com/checkstyle/checkstyle> \"Checkstyle \u2013 A tool for checking Java source code\" )\n\n * [PMD \u2013 An extensible multilanguage static code analyzer](<https://github.com/pmd/pmd> \"PMD \u2013 An extensible multilanguage static code analyzer\" )\n\n * [Soot \u2013 A Java Optimization Framework](<https://github.com/Sable/soot> \"Soot \u2013 A Java Optimization Framework\" )\n\n * [Android Quality Starter](<https://github.com/pwittchen/android-quality-starter> \"Android Quality Starter\" )\n\n * [QARK \u2013 Quick Android Review Kit](<https://github.com/linkedin/qark> \"QARK \u2013 Quick Android Review Kit\" )\n\n * [Infer \u2013 A Static Analysis tool for Java, C, C++ and Objective-C](<https://github.com/facebook/infer> \"Infer \u2013 A Static Analysis tool for Java, C, C++ and Objective-C\" )\n\n * [Android Check \u2013 Static Code analysis plugin for Android Project](<https://github.com/noveogroup/android-check> \"Android Check \u2013 Static Code analysis plugin for Android Project\" )\n\n * [FindBugs-IDEA Static byte code analysis to look for bugs in Java code](<https://plugins.jetbrains.com/plugin/3847-findbugs-idea> 
\"FindBugs-IDEA Static byte code analysis to look for bugs in Java code\" )\n\n * [APK Leaks \u2013 Scanning APK file for URIs, endpoints & secrets](<https://github.com/dwisiswant0/apkleaks> \"APK Leaks \u2013 Scanning APK file for URIs, endpoints & secrets\" )\n\n * [Trueseeing \u2013 fast, accurate and resillient vulnerabilities scanner for Android apps](<https://github.com/monolithworks/trueseeing> \"Trueseeing \u2013 fast, accurate and resillient vulnerabilities scanner for Android apps\" )\n\n * [StaCoAn \u2013 crossplatform tool which aids developers, bugbounty hunters and ethical hackers](<https://github.com/vincentcox/StaCoAn> \"StaCoAn \u2013 crossplatform tool which aids developers, bugbounty hunters and ethical hackers\" )\n\n \n**Dynamic Analysis** \n\n\n * [Mobile-Security-Framework MobSF](<https://github.com/MobSF/Mobile-Security-Framework-MobSF> \"Mobile-Security-Framework MobSF\" )\n * [Magisk v20.2 - Root & Universal Systemless Interface](<https://github.com/topjohnwu/Magisk5> \"Magisk v20.2 - Root & Universal Systemless Interface\" )\n * [Runtime Mobile Security (RMS) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime](<https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security> \"Runtime Mobile Security \\(RMS\\) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime\" )\n * [Droid-FF - Android File Fuzzing Framework](<https://github.com/antojoseph/droid-ff> \"Droid-FF - Android File Fuzzing Framework\" )\n * [Drozer](<https://github.com/FSecureLABS/drozer> \"Drozer\" )\n * [Inspeckage](<https://github.com/ac-pm/Inspeckage> \"Inspeckage\" )\n * [PATDroid - Collection of tools and data structures for analyzing Android applications](<https://github.com/mingyuan-xia/PATDroid> \"PATDroid - Collection of tools and data structures for analyzing Android applications\" )\n * [Radare2 - Unix-like ](<https://github.com/radareorg/radare2> \"Radare2 - Unix-like\" )[reverse 
engineering framework](<https://www.kitploit.com/search/label/Reverse%20Engineering%20Framework> \"reverse engineering framework\" ) and commandline tools\n * [Cutter - Free and Open Source RE Platform powered by radare2](<https://cutter.re/> \"Cutter - Free and Open Source RE Platform powered by radare2\" )\n * [ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](<https://bytecodeviewer.com/> \"ByteCodeViewer - Android APK Reverse Engineering Suite \\(Decompiler, Editor, Debugger\\)\" )\n \n**Online APK Analyzers** \n\n\n * [Oversecured](<https://oversecured.com/> \"Oversecured\" )\n * [Android Observatory APK Scan](<https:/androidobservatory.org/upload> \"Android Observatory APK Scan\" )\n * [AndroTotal](<http://andrototal.org/> \"AndroTotal\" )\n * [VirusTotal](<https://www.virustotal.com/#/home/upload> \"VirusTotal\" )\n * [Scan Your APK](<https://scanyourapk.com/> \"Scan Your APK\" )\n * [AVC Undroid](<https://undroid.av-comparatives.org/index.php> \"AVC Undroid\" )\n * [OPSWAT](<https://metadefender.opswat.com/#!/> \"OPSWAT\" )\n * [ImmuniWeb Mobile App Scanner](<https://www.htbridge.com/mobile/> \"ImmuniWeb Mobile App Scanner\" )\n * [Ostor Lab](<https://www.ostorlab.co/scan/mobile/> \"Ostor Lab\" )\n * [Quixxi](<https://quixxisecurity.com/> \"Quixxi\" )\n * [TraceDroid](<http://tracedroid.few.vu.nl/submit.php> \"TraceDroid\" )\n * [Visual Threat](<http://www.visualthreat.com/UIupload.action> \"Visual Threat\" )\n * [App Critique](<https://appcritique.boozallen.com/> \"App Critique\" )\n * [Jotti's malware scan](<https://virusscan.jotti.org/> \"Jotti's malware scan\" )\n * [kaspersky scanner](<https://opentip.kaspersky.com/> \"kaspersky scanner\" )\n \n**Online APK Decompiler** \n\n\n * [Android APK Decompiler](<http://www.decompileandroid.com/> \"Android APK Decompiler\" )\n * [Java Decompiler APk](<http://www.javadecompilers.com/apk> \"Java Decompiler APk\" )\n * [APK DECOMPILER APP](<https://www.apkdecompilers.com/> 
\"APK DECOMPILER APP\" )\n * [DeAPK is an open-source, online APK decompiler ](<https://deapk.vaibhavpandey.com/> \"DeAPK is an open-source, online APK decompiler\" )\n * [apk and dex decompilation back to Java source code](<http://www.decompiler.com/> \"apk and dex decompilation back to Java source code\" )\n * [APK Decompiler Tools](<https://apk.tools/tools/apk-decompiler/alternateURL/> \"APK Decompiler Tools\" )\n \n**Labs** \n\n\n * [OVAA (Oversecured Vulnerable Android App)](<https://github.com/oversecured/ovaa> \"OVAA \\(Oversecured Vulnerable Android App\\)\" )\n * [DIVA (Damn insecure and vulnerable App)](<https://github.com/payatu/diva-android> \"DIVA \\(Damn insecure and vulnerable App\\)\" )\n * [OWASP Security Shepherd ](<https://github.com/OWASP/SecurityShepherd> \"OWASP Security Shepherd\" )\n * [Damn Vulnerable Hybrid Mobile App (DVHMA)](<https://github.com/logicalhacking/DVHMA> \"Damn Vulnerable Hybrid Mobile App \\(DVHMA\\)\" )\n * [OWASP-mstg(UnCrackable Mobile Apps)](<https://github.com/OWASP/owasp-mstg/tree/master/Crackmes> \"OWASP-mstg\\(UnCrackable Mobile Apps\\)\" )\n * [VulnerableAndroidAppOracle](<https://github.com/dan7800/VulnerableAndroidAppOracle> \"VulnerableAndroidAppOracle\" )\n * [Android InsecureBankv2](<https://github.com/dineshshetty/Android-InsecureBankv2> \"Android InsecureBankv2\" )\n * [Purposefully Insecure and Vulnerable Android Application (PIIVA)](<https://github.com/htbridge/pivaa> \"Purposefully Insecure and Vulnerable Android Application \\(PIIVA\\)\" )\n * [Sieve app(An android application which exploits through android components)](<https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk> \"Sieve app\\(An android application which exploits through android components\\)\" )\n * [DodoVulnerableBank(Insecure Vulnerable Android Application that helps to learn hacing and securing apps)](<https://github.com/CSPF-Founder/DodoVulnerableBank> \"DodoVulnerableBank\\(Insecure Vulnerable Android Application that 
helps to learn hacing and securing apps\\)\" )\n * [Digitalbank(Android Digital Bank Vulnerable Mobile App)](<https://github.com/CyberScions/Digitalbank> \"Digitalbank\\(Android Digital Bank Vulnerable Mobile App\\)\" )\n * [AppKnox Vulnerable Application](<https://github.com/appknox/vulnerable-application> \"AppKnox Vulnerable Application\" )\n * [Vulnerable Android Application](<https://github.com/Lance0312/VulnApp> \"Vulnerable Android Application\" )\n * [Android Security Labs](<https://github.com/SecurityCompass/AndroidLabs> \"Android Security Labs\" )\n * [Android-security Sandbox](<https://github.com/rafaeltoledo/android-security> \"Android-security Sandbox\" )\n * [VulnDroid(CTF Style Vulnerable Android App)](<https://github.com/shahenshah99/VulnDroid> \"VulnDroid\\(CTF Style Vulnerable Android App\\)\" )\n * [FridaLab](<https://rossmarks.uk/blog/fridalab/> \"FridaLab\" )\n * [Santoku Linux - Mobile Security VM](<https://santoku-linux.com/> \"Santoku Linux - Mobile Security VM\" )\n * [AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis](<https://github.com/sh4hin/Androl4b> \"AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis\" )\n \n**Talks** \n\n\n * [One Step Ahead of Cheaters -- Instrumenting Android Emulators](<https://www.youtube.com/watch?v=L3AniAxp_G4> \"One Step Ahead of Cheaters -- Instrumenting Android Emulators\" )\n * [Vulnerable Out of the Box: An Evaluation of Android Carrier Devices](<https://www.youtube.com/watch?v=R2brQvQeTvM> \"Vulnerable Out of the Box: An Evaluation of Android Carrier Devices\" )\n * [Rock appround the clock: Tracking malware developers by Android](<https://www.youtube.com/watch?v=wd5OU9NvxjU> \"Rock appround the clock: Tracking malware developers by Android\" )\n * [Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre](<https://www.youtube.com/watch?v=ohjTWylMGEA> \"Chaosdata - Ghost 
in the Droid: Possessing Android Applications with ParaSpectre" )
 * [Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets](<https://www.youtube.com/watch?v=TDk2RId8LFo> "Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets" )
 * [Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening](<https://www.youtube.com/watch?v=EkL1sDMXRVk> "Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening" )
 * [Hide Android Applications in Images](<https://www.youtube.com/watch?v=hajOlvLhYJY> "Hide Android Applications in Images" )
 * [Scary Code in the Heart of Android](<https://www.youtube.com/watch?v=71YP65UANP0> "Scary Code in the Heart of Android" )
 * [Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android](<https://www.youtube.com/watch?v=q_HibdrbIxo> "Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android" )
 * [Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library](<https://www.youtube.com/watch?v=s0Tqi7fuOSU> "Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library" )
 * [Android FakeID Vulnerability Walkthrough](<https://www.youtube.com/watch?v=5eJYCucZ-Tc> "Android FakeID Vulnerability Walkthrough" )
 * [Unleashing D* on Android Kernel Drivers](<https://www.youtube.com/watch?v=1XavjjmfZAY> "Unleashing D* on Android Kernel Drivers" )
 * [The Smarts Behind Hacking Dumb Devices](<https://www.youtube.com/watch?v=yU1BrY1ZB2o> "The Smarts Behind Hacking Dumb Devices" )
 * [Overview of common Android app vulnerabilities](<https://www.bugcrowd.com/resources/webinars/overview-of-common-android-app-vulnerabilities/> "Overview of common Android app vulnerabilities" )
 * [Android security architecture](<https://www.youtube.com/watch?v=3asW-nBU-JU> "Android security architecture" )
 * [Get the Ultimate Privilege of Android Phone](<https://vimeo.com/335948808> "Get the Ultimate Privilege of Android Phone" )

**Misc**

 * [Android Malware Adventures](<https://docs.google.com/presentation/d/1pYB522E71hXrp4m3fL3E3fnAaOIboJKqpbyE5gSsOes/edit> "Android Malware Adventures" )
 * [Android-Reports-and-Resources](<https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md> "Android-Reports-and-Resources" )
 * [Hands On Mobile API Security](<https://hackernoon.com/hands-on-mobile-api-security-get-rid-of-client-secrets-a79f111b6844> "Hands On Mobile API Security" )
 * [Android Penetration Testing Courses](<https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed> "Android Penetration Testing Courses" )
 * [Lesser-known Tools for Android Application PenTesting](<https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html> "Lesser-known Tools for Android Application PenTesting" )
 * [android-device-check - a set of scripts to check Android device security configuration](<https://github.com/nelenkov/android-device-check> "android-device-check - a set of scripts to check Android device security configuration" )
 * [apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection](<https://github.com/shroudedcode/apk-mitm> "apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection" )
 * [Andriller - a software utility with a collection of forensic tools for smartphones](<https://github.com/den4uk/andriller> "Andriller - a software utility with a collection of forensic tools for smartphones" )
 * [Dexofuzzy: Android malware similarity clustering method using opcode sequence - Paper](<https://www.virusbulletin.com/virusbulletin/2019/11/dexofuzzy-android-malware-similarity-clustering-method-using-opcode-sequence/> "Dexofuzzy: Android malware similarity clustering method using opcode sequence - Paper" )
 * [Chasing the Joker](<https://docs.google.com/presentation/d/1sFGAERaNRuEORaH06MmZKeFRqpJo1ol1xFieUa1X_OA/edit#slide=id.p1> "Chasing the Joker" )
 * [Side Channel Attacks in 4G and 5G Cellular Networks - Slides](<https://i.blackhat.com/eu-19/Thursday/eu-19-Hussain-Side-Channel-Attacks-In-4G-And-5G-Cellular-Networks.pdf> "Side Channel Attacks in 4G and 5G Cellular Networks - Slides" )
 * [Shodan.io-mobile-app for Android](<https://github.com/PaulSec/Shodan.io-mobile-app> "Shodan.io-mobile-app for Android" )
 * [Popular Android Malware 2018](<https://github.com/sk3ptre/AndroidMalware_2018> "Popular Android Malware 2018" )
 * [Popular Android Malware 2019](<https://github.com/sk3ptre/AndroidMalware_2019> "Popular Android Malware 2019" )
 * [Popular Android Malware 2020](<https://github.com/sk3ptre/AndroidMalware_2020> "Popular Android Malware 2020" )

**Bug Bounty & Writeup**

 * [Hacker101 CTF: Android Challenge Writeups](<https://medium.com/bugbountywriteup/hacker101-ctf-android-challenge-writeups-f830a382c3ce> "Hacker101 CTF: Android Challenge Writeups" )
 * [Arbitrary code execution on Facebook for Android through download feature](<https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f> "Arbitrary code execution on Facebook for Android through download feature" )
 * [RCE via Samsung Galaxy Store App](<https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/> "RCE via Samsung Galaxy Store App" )

**Cheat Sheet**

 * [Mobile Application Penetration Testing Cheat Sheet](<https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet> "Mobile Application Penetration Testing Cheat Sheet" )
 * [ADB (Android Debug Bridge) Cheat Sheet](<https://www.mobileqaengineer.com/blog/2020/2/4/adb-android-debug-bridge-cheat-sheet> "ADB (Android Debug Bridge) Cheat Sheet" )
 * [Frida Cheatsheet and Code Snippets for Android](<https://erev0s.com/blog/frida-code-snippets-for-android/> "Frida Cheatsheet and Code Snippets for Android" )

**[Awesome-Android-Security](<https://github.com/saeidshirazi/awesome-android-security> "Download Awesome-Android-Security" )**

Source: "Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters", kitploit, published 2020-10-28, http://www.kitploit.com/2020/10/awesome-android-security-curated-list.html (record references CVE-2020-8913).
