#android

Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file.

Categories: Personal Tags: twitter Tags: x Tags: social media Tags: social network Tags: register Tags: biometric Tags: ID Tags: passport Tags: verify Tags: verification Tags: premium Tags: elon musk We take a look at plans to voluntarily upload identification to X, the site formerly known as Twitter. (Read more...) The post X wants your biometric data appeared first on Malwarebytes Labs.

Categories: Personal Tags: chastity cage Tags: IoT Tags: Internet of Things Tags: romance Tags: toy Tags: device Tags: expose Tags: user data We take a look at reports of an IoT chastity cage device which is exposing user data. (Read more...) The post Smart chastity device exposes sensitive user data appeared first on Malwarebytes Labs.

Kingo ROOT version 1.5.8 suffers from an unquoted service path vulnerability.

Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and 5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of parse server's security layers to manage access levels with Class-Level Permissions and Object-Level Access Control that should be used instead of custom security layers in Cloud Code triggers.

By Habiba Rashid Key Findings Cybersecurity researchers have warned of fake Signal and Telegram apps that have been distributed through the… This is a post from HackRead.com Read the original post: Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores

In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.

Categories: News Tags: week Tags: security Tags: August Tags: 2023 A list of topics we covered in the week of August 28 to September 3, 2023. (Read more...) The post A week in security (August 28 - September 3) appeared first on Malwarebytes Labs.