#android

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.

An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.

Categories: News Tags: week Tags: security Tags: September Tags: 2023 Tags: Atomic stealer Tags: Microsoft breach A list of topics we covered in the week of September 4 to September 10 of 2023 (Read more...) The post A week in security (September 4 - September 10) appeared first on Malwarebytes Labs.

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.

Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The

By Waqas If you are using an iPhone, it is time to update it to the latest version RIGHT NOW! This is a post from HackRead.com Read the original post: Update NOW! Pegasus Spyware Exploit Found in iPhones Running Latest iOS

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed. "It is likely that this

Firefox version 117 suffers from a file creation denial of service vulnerability.