Security
Headlines
HeadlinesLatestCVEs

Tag

#samsung

CVE-2022-36835

Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.

CVE
Open in Source
#vulnerability#samsung
CVE-2022-35858: Security: Memory Leak in the function TEE_PopulateTransientObject · Issue #71 · Samsung/mTower

The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.

CVE-2022-1293: Security Updates | Ercom

The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.

Apple Just Patched 37 iPhone Security Bugs

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

Ransomware rolled through business defenses in Q2 2022

2022 is shaping up to be another banner year for ransomware, which continued to dominate the threat landscape in Q2. The post Ransomware rolled through business defenses in Q2 2022 appeared first on Malwarebytes Labs.

CVE-2022-20238: Android Security Bulletin—July 2022  |  Android Open Source Project

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555

CVE-2022-20234: Android Automotive OS Update Bulletin—July 2022  |  Android Open Source Project

In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app.Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information.Product: AndroidVersions: Android-12LAndroid ID: A-225189301

CVE-2022-33706

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

Mobile Cybersecurity Firm Cirotta Launches Anti-Hacking Phone Cases

By Deeba Ahmed Israeli Mobile Cybersecurity Startup Cirotta has launched smartphone cases that the company claims to provide complete protection while… This is a post from HackRead.com Read the original post: Mobile Cybersecurity Firm Cirotta Launches Anti-Hacking Phone Cases