The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.
179057ea228364a9ce3f89ec74a1a1873d65e8c8b3dd447dccc0af6935bf1a87
SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the network communication, and thus establish a connection to the On Screen Phone application without the owner's knowledge or consent. suffers from a bypass vulnerability.
6c5f9b3a483b2488fd33286b1d8b13298108615893ce571ef447baedf300e177