Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices.
Slovakian company ESET attributed the campaign to a China-linked actor called GREF.
"Most likely active since July 2020 and since July 2022, respectively, the campaigns

Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices.

Slovakian company ESET attributed the campaign to a China-linked actor called **GREF**.

"Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram," security researcher Lukáš Štefanko said in a new report shared with The Hacker News.

Victims have been primarily detected in Germany, Poland, and the U.S., followed by Ukraine, Australia, Brazil, Denmark, Congo-Kinshasa, Hong Kong, Hungary, Lithuania, the Netherlands, Portugal, Singapore, Spain, and Yemen.

BadBazaar was first documented by Lookout in November 2022 as targeting the Uyghur community in China with seemingly benign Android and iOS apps that, once installed, harvests a wide range of data, including call logs, SMS messages, locations, and others.

The earlier campaign, active since at least 2018, is also notable for the fact that the rogue Android apps were never published to the Play Store. Both the apps have since been taken down from google's app storefront, but they continue to be available on the Samsung Galaxy Store.

The details of the apps are as follows -

*   Signal Plus Messenger (org.thoughtcrime.securesmsplus) - 100+ downloads since July 2022, also available via signalplus\[.\]org
*   FlyGram (org.telegram.FlyGram) - 5,000+ downloads since June 2020, also available via flygram\[.\]org

Beyond these distribution mechanisms, it's said that potential victims have also been likely tricked into installing the apps from a Uyghur Telegram group focused on sharing Android apps. The group has over 1,300 members.

Both Signal Plus Messenger and FlyGram are designed to collect and exfiltrate sensitive user data, with each app dedicated to also amassing information from the respective apps they mimic: Signal and Telegram.

This includes the ability to access Signal PIN and Telegram chat backups should the victim enable a Cloud Sync feature from the trojanized app.

In what's a novel twist, Signal Plus Messenger represents the first documented case of surveillance of a victim's Signal communications by covertly linking the compromised device to the attacker's Signal account without requiring any user interaction.

"BadBazaar, the malware responsible for the spying, bypasses the usual QR code scan and user click process by receiving the necessary URI from its \[command-and-control\] server, and directly triggering the necessary action when the Link device button is clicked," Štefanko explained.

"This enables the malware to secretly link the victim's smartphone to the attacker's device, allowing them to spy on Signal communications without the victim's knowledge."

FlyGram, for its part, also implements a feature called SSL pinning to evade analysis by embedding the certificate within the APK file such that only encrypted communication with the predefined certificate is allowed, thereby making it challenging to intercept and analyze the network traffic between the app and its server.

An examination of the app Cloud Sync feature has further revealed that every user who registers for the service is assigned a distinct ID that's sequentially incremented. It's estimated that 13,953 users (including ESET) installed FlyGram and activated the Cloud Sync feature.

ESET said it's continuing to track GREF as a separate cluster despite prior open-source reporting connecting the group to APT15, citing lack of definitive evidence.

"BadBazaar's main purpose is to exfiltrate device information, the contact list, call logs, and the list of installed apps, and to conduct espionage on Signal messages by secretly linking the victim's Signal Plus Messenger app to the attacker's device," Štefanko said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users

Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information.
This includes Arion Kurtaj (aka White, Breachbase, WhiteDoxbin, and TeaPotUberHacker), an 18-year-old from Oxford, and

Cyber Crime / Data Breach

Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information.

This includes Arion Kurtaj (aka White, Breachbase, WhiteDoxbin, and TeaPotUberHacker), an 18-year-old from Oxford, and an unnamed minor, who began collaborating in July 2021 after having met online, BBC reported this week.

Both the defendants were initially arrested and released under investigation in January 2022, only to be re-arrested and charged by the City of London Police in April 2022. Kurtaj was subsequently granted bail and moved to a hotel in Bicester after he was doxxed in an online cybercrime forum.

He, however, continued his hacking spree, targeting companies like Uber, Revolut, and Rockstar Games, as a result of which he was arrested again. Another alleged member of the group was apprehended by Brazilian authorities in October 2022.

Central to pulling off the extortion schemes was their ability to conduct SIM swapping and prompt bombing attacks to gain unauthorized access to corporate networks after an extensive social engineering phase.

The financially motivated operation also entailed posting messages to their Telegram channel to solicit rogue insiders who can provide Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI), or Citrix credentials to organizations.

A recent report from the U.S. government found that the actors offered as much as $20,000 per week for access to telecommunications providers so as to carry out the SIM swap attacks.

"To execute fraudulent SIM swaps, LAPSUS$ obtained basic information about its victims, such as their name, phone number, and customer proprietary network information (CPNI)," the Department of Homeland Security's (DHS) Cyber Safety Review Board (CSRB) said.

"LAPSUS$ learned the information through a variety of ways, including issuing fraudulent EDRs and using account takeover techniques, to hijack the accounts of telecommunications provider employees and contractors."

"It then performed fraudulent SIM swaps via the telecommunications provider's customer management tools. After executing the fraudulent SIM swaps, LAPSUS$ took over online accounts via sign-in and account recovery workflows that sent one-time links or MFA passcodes via SMS or voice calls."

Other methods of initial access ranged from employing the services of initial access brokers (IABs) to the exploitation of security flaws, following which the actors took steps to escalate privileges, laterally move across the network, set up persistent access via remote desktop software such as AnyDesk and TeamViewer, and disable security monitoring tools.

Among the firms infiltrated by LAPSUS$ comprised BT, EE, Globant, LG, Microsoft, NVIDIA, Okta, Samsung, Ubisoft, and Vodafone. It's currently unclear whether ransoms were paid by any of the breached companies. The teenagers are expected to be sentenced at a later date

"The group gained notoriety because it successfully attacked well-defended organizations using highly effective social engineering; targeted supply chains by compromising business process outsourcing (BPOs) and telecommunications providers; and used its public Telegram channel to discuss its operations, targets, and successes, and even to communicate with and extort its targets," the CSRB said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks

A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi

CVE-2020-22181

An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2021-35309: cve-subscriptions/samsung-stws at main · mustafa-turgut/cve-subscriptions

Pixel Binary Transparency is the latest security benefit for Pixel owners.

It's not in Google's best interests for its smartphones to be easily compromised, and the tech giant has just rolled out a new security feature that for now is exclusive to Pixel devices: Pixel Binary Transparency.

You can think of it like a certificate of authenticity for your phone. It proves that the Pixel handset you have in your hands is the genuine article and not one that's been modified at the software level—potentially with security consequences.

While this is Pixel-only at the moment, it joins the existing Android Verified Boot feature in making sure that the phone that's in your hand hasn't been tampered with in any way—perhaps even before it reached you.

Along with speedy software updates, exclusive apps, and top-level camera performance, Google wants this new security feature to be another reason you'll buy a Pixel over anything else—and here's how it works.

The Security Problem

Are you sure your Pixel hasn't been compromised?

Photograph: Google

There are a lot of steps along the way before your new smartphone reaches you in its tidily cellophaned box, and all of those steps can be exploited by bad actors looking to take control of your device. If you think that opening a factory-fresh device means you don't have any security concerns to worry about, you'd be wrong.

Malware can be inserted into software code—Android software code, in this case—before a new handset gets put in the box. Remember that, as well as the basic Android operating system, you have additions by carriers and manufacturers (including Google and Samsung), not to mention a host of third-party libraries and open source code that all today's software is built on.

It only takes one part of the supply chain process to get exploited—one check that isn't carried out, or one assumption that is wrong—for devices to be put at risk. These attacks can also be launched once you start using your phone, with ostensibly safe apps unknowingly taken over by harmful code. Over-the-air software updates can also be hijacked before reaching users.

If you think about all the businesses involved in maintaining the software on your phone, from individual app developers to corporations such as Google, that's a lot of attack surfaces for hackers to consider. These kinds of attacks are on the rise too. All of this doesn't even consider the secondhand market as well, where used and refurbished Android devices (and especially Pixel phones, in this case) sold by prior owners come with no such guarantees that they're fresh installations of Android that are safe and clear of malware.

Google's Android Fixes

A Merkle tree is used to verify software.

Courtesy of David Nield

In simple terms, the new Pixel Binary Transparency checks the Android operating system on a Pixel phone to make sure the code is exactly as it should be. It's a bit like checking the authenticity of a painting, looking for signs of tampering, or checking that all the office doors and windows are locked at the end of the day. Google has written about the new feature in a blog post, and it says the feature will be built upon in the future.

More specifically, the new Android safety measure uses public cryptographic logs—digital bookkeeping systems—to show what a Pixel installation should look like. Entries can be appended to these logs when new software is released, but they can't be changed or deleted. In other words, any unauthorized edits are going to stand out.

The logs use what's known as a Merkle tree to maintain the integrity of the records within them, a cryptographic structure that speeds up the process of checking large amounts of data for any tampering. The approach means that much smaller portions of data can be analyzed to identify whether or not any changes have been made.

While Google itself admits that most users won't need the Pixel Binary Transparency feature because of the other safeguards already in place on Android, you can in fact try it out on your own Pixel phone or tablet. You're going to need to be familiar with compiling code and using the Android Debug Bridge (ADB) software that lets you analyze Android devices from a computer.

Pixel Binary Transparency complements the existing Android Verified Boot (AVB) safeguard, which works in a similar way. The instant that an Android device boots up, it looks for a special software “signature” (a little like a password) verifying that all is well, the software is untampered with, and the boot process can continue. As with Pixel Binary Transparency, any tampering is virtually impossible to conceal. At the same time, AVB also protects the device from being rolled back to older, less secure versions of Android.

Google's New Feature Ensures Your Pixel Phone Hasn't Been Hacked. Here’s How It Works

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

CVE-2022-4894: Certain HP and Samsung printer software - Potential elevation of privileges

Categories: News
Categories: Personal
We put Malwarebytes Browser Guard up against the top 25 websites. It knocked out 172 trackers and other unwanted items.



(Read more...)




The post 25 most popular websites vs Malwarebytes Browser Guard appeared first on Malwarebytes Labs.

Do you know how many see-everything-you're-doing-on-the-web trackers get loaded into your browser when you watch a YouTube video? Would you care to guess?

It's about sixty.

Sixty. Six zero. Sixty trackers when you load one video. I know this because I decided to take Browser Guard, the Malwarebytes' browser extension that blocks ads and keeps you safe from trackers, scams, malvertising, and other online threats, for a wander through the web's top 25 sites.

Web users have always spent a disprorportionate amount of their time on the web's most popular sites, and websites like Facebook, Twitter, and Twitch are designed to keep you hanging around for as long as possible. So what happens on the top sites has an outsized effect on users because the top sites don't just reach more people, they also keep people for longer.

Before I get into the why I was counting how many things Browser Guard blocks, take a look at the numbers in the table below.

The table shows the number of items—ads, cross-site trackers etc—that Browser Guard blocked on a single page on each of the top 25 most visited websites. I looked at one page on each site, and chose pages that were broadly representative of what somebody might go there to do. So, on Google I looked at a search results page, on YouTube I looked a page displaying a video, and so on. Where I was asked to log in and I had an account, I logged in, and where I was asked to accept cookies I did.

Site

Page type

Items blocked

Google

Search results

2

YouTube

Video page

58

Facebook

Feed

1

Twitter

Feed

2

Wikipedia

Article

0

Yahoo

Article

3

Yandex

Search results

0

WhatsApp

Home

1

XVideos

Video page

4

Amazon

Product page

2

PornHub

Video page

16

XNXX

Video page

4

TikTok

Video page

0

Microsoft (live.com)

Application

0

Reddit

Home

5

LinkedIn

Feed

11

Netflix

Home

1

OpenAI

Home

1

Xhamster

Video page

6

Weather

Home

8

Office 365

Application

0

Samsung

Home

42

Bing

Search results

0

Discord

Home

1

Twitch

Home

4

Browser Guard blocked a total of 172 items across the 25 pages tested. That's a mean average of seven on each site, and a median of two. The mean average is heavily skewed by YouTube and Samsung, which accounted for 100 items between them.

(Note that if you try to repeat this experiment you might get slightly different results, although we expect them to be similar to ours. Because of the way that ad tech works, different numbers of items may be downloaded for apparently identical page loads.)

**How tracking affects security and privacy**

So why does it matter?

Cross-site ad tracking follows you from site to site and builds up a rough picture of your likes, dislikes, and demographics, which is then used to help ad providers choose relevant, targeted ads to show you (or at least, that's the theory.)

This model comes with advantages, but it also comes with significant risks to both your privacy and security.

**You are the product**

The price you pay for the popular, free-to-use-websites like Facebook and YouTube is that somewhere, somebody is amassing a whole lot of data about you. You likely don't know who they are, what they know or how much, how securely the data is stored, how long it's kept, or who it's been shared with, sold to, or stolen by.

Some people see this kind of tracking as benign, or at least a necessary evil. The ad economy is what keeps sites like Facebook and YouTube free after all, and they would rather see ads that might at least appeal to them than something chosen at random. For others, the targeted ad economy and the cross-site tracking it relies upon are an unacceptable violation of their privacy.

But that's not the whole story. Ads and trackers aren't just a privacy problem, they come with a pair of security problems too.

**Efficient threat distribution**

The first is that ad distribution networks—the amazingly efficient, just-in-time auction houses that fill ad slots as a page loads—are just as good at distributing scams, links to phishing sites, and malware downloads, as they are at distributing ads. Ad companies don't encourage this, but despite their efforts malicious advertising—malvertising—is resurgent in 2023. A lot of malvertising works by impersonating well known brands, and the scammers do it so well that you have almost no chance of spotting it.

Simply, the more ads and ad networks you're interacting with, the more likely you are to encounter something bad. And if you do, you probably won't spot it until it's too late.

**Criminals with "God mode" access**

The second problem is that ad networks and cross-site tracking generally rely on components pulled from third-party websites as a page is loaded. This means that when you visit a page with a single tracker on it, your browser is actually talking to two websites: The website you're looking at and the website it's loading the tracking code from.

But lots of sites have far more than one tracker. If you visit a page with 20 trackers, your browser could be assembling the page you're looking at from as many as 21 different websites. Scarily, each website you load a component from gets full access to the page the component is included in. _FULL access_.

Among many other things, the third-party components are allowed to alter the code of the page you're looking at in any way they like, they can all see anything you type into a form on that page, even if you don't submit it, and they can copy any authentication cookies you have for that site too, which effectively means they can steal your password.

In other words, any site that suppliies _any_ content for the page you've loaded gets "God Mode" on that page. So if you're looking at a page with 20 trackers, that's as many as 21 sites with God Mode on that page.

That's bad enough if you trust everyone concerned, because even legitimate companies have been known to play fast and loose with that level of access. But it gets really serious if any of those organisations are compromised, because now you're giving God Mode to a malicious hacker.

**Browser Guard**

There is simply no way for an individual, even a highly skilled one, to know when they're using a website that includes a third-party component compromised by criminal hackers or operated by a company prepared to bend the rules at the expense of your privacy and security. And while legitimate ad companies offer opt outs from tracking, staying on top of them is unworkably hard.

Technologies like Browser Guard fill the gap, staying on top of the known nasties and blocking ads that can harbour malvertising, scams, and other threats, even on the biggest websites.

If you want to find out how much Browser Guard can block for you, download it today.

25 most popular websites vs Malwarebytes Browser Guard

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.



_Published August 7, 2023_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2023-08-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-08-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Android Runtime**

The vulnerability in this section could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21265

A-262521447

ID

High

11, 12, 12L, 13

**Framework**

The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21287

A-278221085

RCE

High

11, 12, 12L, 13

CVE-2023-21269

A-271576718

EoP

High

13

CVE-2023-21270

A-283006437 \[2\]

EoP

High

12, 12L, 13

CVE-2023-21272

A-227471459

EoP

High

11, 12, 12L

CVE-2023-21278

A-281807669

EoP

High

12, 12L, 13

CVE-2023-21281

A-265431505

EoP

High

11, 12, 12L, 13

CVE-2023-21286

A-277740082

EoP

High

11, 12, 12L, 13

CVE-2023-21267

A-218495634

ID

High

11, 12, 12L, 13

CVE-2023-21276

A-213170822

ID

High

12, 12L, 13

CVE-2023-21277

A-281018094

ID

High

12, 12L, 13

CVE-2023-21279

A-277741109

ID

High

12, 12L, 13

CVE-2023-21283

A-280797684 \[2\]

ID

High

11, 12, 12L, 13

CVE-2023-21288

A-276294099

ID

High

11, 12, 12L, 13

CVE-2023-21289

A-272020068

ID

High

11, 12, 12L, 13

CVE-2023-21292

A-236688380

ID

High

11, 12, 12L, 13

CVE-2023-21280

A-270049379

DoS

High

12, 12L, 13

CVE-2023-21284

A-260729089

DoS

High

11, 12, 12L, 13

**Media Framework**

The vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21282

A-279766766

RCE

Critical

11, 12, 12L, 13

**System**

The most severe vulnerability in this section could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21273

A-272783039

RCE

Critical

11, 12, 12L, 13

CVE-2023-20965

A-250574778 \[2\] \[3\]

EoP

High

13

CVE-2023-21132

A-253043218

EoP

High

12, 12L, 13

CVE-2023-21133

A-253043502

EoP

High

12, 12L, 13

CVE-2023-21134

A-253043495

EoP

High

12, 12L, 13

CVE-2023-21140

A-253043490

EoP

High

12, 12L, 13

CVE-2023-21242

A-277824547

EoP

High

13

CVE-2023-21275

A-278691965

EoP

High

12, 12L, 13

CVE-2023-21271

A-269455813

ID

High

12, 12L, 13

CVE-2023-21274

A-269456018

ID

High

12, 12L, 13

CVE-2023-21285

A-271851153

ID

High

11, 12, 12L, 13

CVE-2023-21268

A-264880895

DoS

High

11, 12, 12L, 13

CVE-2023-21290

A-264880689

DoS

High

11, 12, 12L, 13

**Google Play system updates**

The following issues are included in Project Mainline components.

 

Subcomponent

CVE

Media Codecs

CVE-2023-21282

Permission Controller

CVE-2023-21132, CVE-2023-21133, CVE-2023-21134, CVE-2023-21140

WiFi

CVE-2023-20965, CVE-2023-21242

**2023-08-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-08-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Kernel**

The most severe vulnerability in this section could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Subcomponent

CVE-2023-21264

A-279739439  
Upstream kernel \[2\]

EoP

Critical

KVM

CVE-2020-29374

A-174737879  
Upstream kernel \[2\] \[3\] \[4\] \[5\] \[6\]

EoP

High

COW

**Arm components**

This vulnerability affects Arm components and further details are available directly from Arm. The severity assessment of this issue is provided directly by Arm.

    

CVE

References

Severity

Subcomponent

CVE-2022-34830  

A-227655299 \*

High

Mali

**MediaTek components**

This vulnerability affects MediaTek components and further details are available directly from MediaTek. The severity assessment of this issue is provided directly by MediaTek.

    

CVE

References

Severity

Subcomponent

CVE-2023-20780  

A-285686353  
M-ALPS08017756 \*

High

keyinstall

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Severity

Subcomponent

CVE-2022-40510  

A-268059589 \*

Critical

Closed-source component

CVE-2023-21626  

A-268060065 \*

High

Closed-source component

CVE-2023-22666  

A-280342037 \*

High

Closed-source component

CVE-2023-28537  

A-280341737 \*

High

Closed-source component

CVE-2023-28555  

A-280342401 \*

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2023-08-01 or later address all issues associated with the 2023-08-01 security patch level.
*   Security patch levels of 2023-08-05 or later address all issues associated with the 2023-08-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2023-08-01\]
*   \[ro.build.version.security\_patch\]:\[2023-08-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-08-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2023-08-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2023-08-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

August 7, 2023

Bulletin published.

CVE-2023-21267: Android Security Bulletin—August 2023

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.

Skip to content

GitLab

*   *   GitLab: the DevOps platform
    *   Explore GitLab
    *   Install GitLab
    *   How GitLab compares
    *   Get started
    *   GitLab docs
    *   GitLab Learn
    
*   Pricing
*   Talk to an expert

*   /
    
*   

*   Help
    
    *   Help
    *   Support
    *   Community forum
    
    *   Submit feedback
    *   Contribute to GitLab
    *   Switch to GitLab Next
    
*   *   
    
    Projects Groups Topics Snippets
    
*   Register
*   Sign in

*   Klaus Jensen
*   QEMU
*   Commits
*   6c8f8456

**Commit 6c8f8456** authored Aug 08, 2023 by  **Klaus Jensen** 🍻

Browse files

**hw/nvme: fix null pointer access in directive receive**

nvme\_directive\_receive() does not check if an endurance group has been
configured (set) prior to testing if flexible data placement is enabled
or not.

Fix this.

Cc: qemu-stable@nongnu.org
Resolves: #1815
Fixes: 73064edf

 ("hw/nvme: flexible data placement emulation")
Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com\>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com\>

parent a8fc5165

*   Changes 1

Hide whitespace changes

Inline Side-by-side

0% or .

You are about to add **0 people** to the discussion. Proceed with caution.

Finish editing this message first!

Please register or sign in to comment

CVE-2023-40360: hw/nvme: fix null pointer access in directive receive (6c8f8456) · Commits · Klaus Jensen / QEMU · GitLab

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer  
Samsung Electronics (UK) Limited  
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

**Cookies**

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

**Essential Cookies**: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie

Domain

Purpose

JSESSIONID

security.samsungmobile.com

to keep login session

lastActivityTime

security.samsungmobile.com

to save the user's last activity time to automatically logout after 30 minutes of inactivity

**Managing Cookies and Other Technologies**

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Tag

#samsung