Android Security & Malware
14.4K members
57 photos
6 files
1.08K links
Mobile infosec news about - security, privacy, malware, bugs, vulnerabilities, data leaks, bug bounty hunting, security tips & tutorials, tools, hacks, ethical hacking, penetration testing, forensic...
Contact: @androidMalware_bot
Download Telegram
to view and join the conversation
Couple of bugs disclosed for Huawei, Motorola, OPPO, Mediatek, Vivo, Meizu, ZTE, K-Touch, Transsion, Digitime devices
Issues: ADB private key leak, a cloud services key leak, and permissions bypass for system APIs
https://bugs.chromium.org/p/apvi/issues/list?q=&can=1
Activation of arbitrary intent due to unsafe deserialization - CVE-2020-0082

This leads to EoP in Android 10.
It could start any privileged intent without permission.
With this vulnerability it would be possible to silently install and uninstall any app.
https://github.com/0x742/CVE-2020-0082-ExternalVibration