A logic flaw in some versions of Android can allow Bluetooth to be automatically enabled via NFC.
4daa646bde5895fbdd88288d9c9cd55da7cba639eaae92baee8ddd3f6afda65f
Whitepaper called Android Application Vulnerabilities. Written in Vietnamese.
25a9be443e83e5ebb65adc0990933e8bc358ae4df7692ffa351cac1c3505acde
Android Studio has an issue where a malicious project can execute a custom cmd.exe allowing for privilege escalation. Google does not believe this is an issue.
46be4037148bbd4dd5a2366f68c681f1a4a3663d8877cd818fdf312172011cdc
o2 Business for Android version 1.2.0 suffers from an open redirection vulnerability.
ed073540b55db066df4e43d61452b19af671d57a6dad0ef1271c98600b232356
Android suffers from a Bluetooth remote denial of service vulnerability.
89e5543cb6f51f283e41a489aaa3e084de84be0c84b8090c5910f061d0b501ba
Debian Linux Security Advisory 4632-1 - Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash).
f77ed94eb241b6463d1cc0108850a4ac7b647e3bae13cb583969676d3ec8590e
Whitepaper called Android Pentest Tutorial Step By Step. Written in Persian.
5b7d21010a256cb1f4b468d223e3ec667013b6a8d7142cf2136bd61da5d324c0
Android OS suffers from a sensitive data exposure vulnerability in its RSSI broadcasts.
b84b85cafb558b1dc05e71a251d6e82bce2a07ab37bb19c2c696f5dd92aa04d5
Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts.
8ad47d4c35696bfefa77337a99ecd6afe8715bda10ca617af6f70817f6c9f62c
Whitepaper called Android Application Penetration Testing. Written in Persian.
99ed5daa9189d9dc52297b718052e093b81f9027457ef626c18d34c33e76312b
Android Dexdump, tested on Nexus 4 with Android 5.1.1, was found to have a buffer overflow vulnerability.
17f6454004b8a93af64f455ddf63ae9dda00225c1d8b53683c343356ee18c5ad
System broadcasts by Android OS expose information about the user's device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.
523ebc0e6847c2ff3858fa671185f0aded4e77fd712ecd694c1d059ae8df9760
Whitepaper called Android Application Pentest With Drozer. Written in Persian.
bbab551e432b1fa855bffd240fa39aaa15559b5520d44abc8128b8be2b998743
Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with screen capture permissions. The vendor (Google) fixed this issue in the 2018-02-01 Pixel security update.
419aa59f60c639bf9769fc664825bf713bf20d2a125449f8cf156e98eb09bb86
Android Bluetooth BNEP bnep_data_ind() remote heap disclosure proof of concept vulnerability.
bca48d1c32a6cf579a5ece90b87234274c98bed6401f1470ca5a6cdcba4d5b50
Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG out-of-bounds read proof of concept vulnerability.
99eb32567c7340a388cd09922afb5a94b3797a234d4baf2ff8977aa03764df08
Android DRM services suffer from a buffer overflow vulnerability.
efb1ce2739b233f90481dfd1618352f64557499ae57c7214a0748615c4651e39
Android devices can be crashed forcing a halt and then a soft reboot by downloading a large proxy auto config (PAC) file when adjusting the Android networking settings. This can also be exploited by an MITM attacker that can intercept and replace the PAC file. However, the bug is mitigated by multiple factors and the likelihood of exploitation is low.
9a6a1af684f67a60cc245b0a7841aeca5cc4c686f0d9b20cffcd532b0d7b75f1
Android devices can be crashed remotely, forcing a halt and then a soft reboot, by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm. The Android issue was fixed in the October 2016 Android bulletin. Additional patches were issued by Qualcomm to the proprietary client in September 2016.
a65dfddf168a89391ed0b8297e76ae23566fa1e4d61a4e69446fbad5e0a2b52b
Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow an attacker to compromise the privacy of the applications' users. This has been fixed in Adobe AIR SDK release version 23.0.0.257. This affects applications compiled with the Adobe AIR SDK versions 22.0.0.153 and earlier.
7116841c325788e68cfc1fa448456174602554df31525c572ce4f81042034b28
Android versions 6.0.0 MDA89E through 6.0.1 MMB29V suffer from a fastboot oem panic that causes the bootloader to expose a serial-over-USB connection, which would allow an attacker to obtain a full memory dump of the device using tools such as QPST Configuration.
1cad3a5d68ceaa11e08febbaecc70daa9705af6a701e1fe02a66f3fe18978e34
Android Broadcom Wi-Fi driver memory corruption proof of concept exploit.
c4c12cb38e6d2b70be8735e7ec14759ae9fc80ee9eaf6ef89e5d82541843c1e2
Android app WheresMyDroid allows a malicious user to take silent camera photos, get the GPS location, and perform various other dangerous actions.
794fccd3babd94bb14e3eb1e80fd75ed17acb5f866fabc87047e998bd5306d87
Android sensord local root exploit.
81fc11ebb3e31b76d066ddd79bc476422e02bd43e5bb43e9ef99238f55eb448e
Android Stagefright remote code execution exploit that leverages an integer overflow in the libstagefright MP4 'stsc' atom handling.
f67b80af5b935bc038028c58afef32987821b769236699aed6fdf96d9c690c1d
The Android backup agent implementation was vulnerable to privilege escalation and a race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack was tested on Android OS 4.4.4.
179057ea228364a9ce3f89ec74a1a1873d65e8c8b3dd447dccc0af6935bf1a87