Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2022-20112: Android Security Bulletin—May 2022  |  Android Open Source Project

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762

CVE
Open in Source
#vulnerability#android#google#linux#dos#java#rce#nokia#samsung#huawei
CVE-2022-20116: Android Security Bulletin—May 2022  |  Android Open Source Project

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212467440

Jocker, Other Fleeceware Surges Back Into Google Play

Some mobile apps are being weaponized with Trojans that secretly sign Android users up for paid subscription services.

How to remove Google from your life

Google and all its products can dominate the average person's life. Here's an in-depth guide on how to remove yourself from their ecosystem. The post How to remove Google from your life appeared first on Malwarebytes Labs.

A scanning tool for open-sourced software packages? Yes, please!

OpenSSF recently introduced a dynamic analysis tool for all OSS packages when uploaded to open source repositories. The post A scanning tool for open-sourced software packages? Yes, please! appeared first on Malwarebytes Labs.

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information.

CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

Google, Apple, and Microsoft step hand in hand into a passwordless future

Three tech giants used World Password Day to announce their commitment to a passwordless future using FIDO Alliance standards. The post Google, Apple, and Microsoft step hand in hand into a passwordless future appeared first on Malwarebytes Labs.

USB-based Wormable Raspberry Robin Malware Targeting Windows Installer

By Deeba Ahmed The malware Raspberry Robin is distributed via external drives and uses Microsoft Standard installer to execute malicious commands.… This is a post from HackRead.com Read the original post: USB-based Wormable Raspberry Robin Malware Targeting Windows Installer