ATTENTION‼ New - CVE-2020-0257
via "National Vulnerability Database".
In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-156741968.
ATTENTION‼ New - CVE-2020-0256
via "National Vulnerability Database".
In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-8.0. Android ID: A-152874864.
ATTENTION‼ New - CVE-2020-0254
via "National Vulnerability Database".
There is a possible out of bounds read due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-152647751.
ATTENTION‼ New - CVE-2020-0253
via "National Vulnerability Database".
There is a possible memory corruption due to a use after free. Product: Android. Versions: Android SoC. Android ID: A-152647365.
ATTENTION‼ New - CVE-2020-0252
via "National Vulnerability Database".
There is a possible memory corruption due to a use after free. Product: Android. Versions: Android SoC. Android ID: A-152236803.
ATTENTION‼ New - CVE-2020-0251
via "National Vulnerability Database".
There is a possible out of bounds read due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-152647626.
ATTENTION‼ New - CVE-2020-0250
via "National Vulnerability Database".
In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154934934.
ATTENTION‼ New - CVE-2020-0249
via "National Vulnerability Database".
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-8.0, Android-8.1, Android-9. Android ID: A-154719656.
ATTENTION‼ New - CVE-2020-0248
via "National Vulnerability Database".
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154627439.
ATTENTION‼ New - CVE-2020-0247
via "National Vulnerability Database".
In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-8.0, Android-8.1. Android ID: A-156087409.
ATTENTION‼ New - CVE-2020-0243
via "National Vulnerability Database".
In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-8.0, Android-8.1. Android ID: A-151644303.
ATTENTION‼ New - CVE-2020-0242
via "National Vulnerability Database".
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-151643722.
ATTENTION‼ New - CVE-2020-0241
via "National Vulnerability Database".
In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-151456667.
ATTENTION‼ New - CVE-2020-0240
via "National Vulnerability Database".
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150706594.
ATTENTION‼ New - CVE-2020-0239
via "National Vulnerability Database".
In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (e.g. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10. Android ID: A-151095863.
ATTENTION‼ New - CVE-2020-0238
via "National Vulnerability Database".
In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-8.0. Android ID: A-150946634.
ATTENTION‼ New - CVE-2020-0108
via "National Vulnerability Database".
In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-8.1, Android-9. Android ID: A-140108616.
🕴 Researchers Trick Facial-Recognition Systems 🕴
via "Dark Reading".
Goal was to see if computer-generated images that look like one person would get classified as another person.
ATTENTION‼ New - CVE-2019-17339
via "National Vulnerability Database".
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
❌ Agent Tesla Spyware Adds Fresh Tricks to Its Arsenal ❌
via "Threatpost".
The RAT is surging in 2020, becoming more prevalent than even the infamous TrickBot or Emotet malware.
🔐 Security in the 'new normal': Passwordless is the way forward 🔐
via "Security on TechRepublic".
Moving on from passwords to strong authentication and adaptive access policies is key to improving security without hurting productivity, especially given the increase in remote working.