ATENTION‼ New - CVE-2020-0387
📖 Read
via "National Vulnerability Database".
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156046804📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20919
📖 Read
via "National Vulnerability Database".
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.📖 Read
via "National Vulnerability Database".
❌ Apple Bug Allows Code Execution on iPhone, iPad, iPod ❌
📖 Read
via "Threatpost".
Release of iOS 14 and iPadOS 14 brings fixes 11 bugs, some rated high-severity.📖 Read
via "Threatpost".
Threat Post
Apple Bug Allows Code Execution on iPhone, iPad, iPod
Release of iOS 14 and iPadOS 14 brings fixes 11 bugs, some rated high-severity.
❌ Mozi Botnet Accounts for Majority of IoT Traffic ❌
📖 Read
via "Threatpost".
Mozi’s spike comes amid a huge increase in overall IoT botnet activity.📖 Read
via "Threatpost".
Threat Post
Mozi Botnet Accounts for Majority of IoT Traffic
The Mozi botnet, a peer-2-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of traffic flowing to and from all internet of things (IoT) devices, according to researchers.…
🕴 Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data 🕴
📖 Read
via "Dark Reading: ".
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.📖 Read
via "Dark Reading: ".
Dark Reading
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
🕴 Indictments Unlikely to Deter China's APT41 Activity 🕴
📖 Read
via "Dark Reading: ".
So far, at least, the threat group has not let public scrutiny slow it down, security researchers say.📖 Read
via "Dark Reading: ".
Dark Reading
Indictments Unlikely to Deter China's APT41 Activity
So far, at least, the threat group has not let public scrutiny slow it down, security researchers say.
ATENTION‼ New - CVE-2020-0289
📖 Read
via "National Vulnerability Database".
In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0288
📖 Read
via "National Vulnerability Database".
In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0287
📖 Read
via "National Vulnerability Database".
In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141860394📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0279
📖 Read
via "National Vulnerability Database".
In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0277
📖 Read
via "National Vulnerability Database".
In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148627993📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0275
📖 Read
via "National Vulnerability Database".
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0274
📖 Read
via "National Vulnerability Database".
In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0270
📖 Read
via "National Vulnerability Database".
In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145790628📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0267
📖 Read
via "National Vulnerability Database".
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139128211📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0266
📖 Read
via "National Vulnerability Database".
In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-111086459📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0264
📖 Read
via "National Vulnerability Database".
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-116718596📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0130
📖 Read
via "National Vulnerability Database".
In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0125
📖 Read
via "National Vulnerability Database".
In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282168📖 Read
via "National Vulnerability Database".
🕴 Don't Fall for It! Defending Against Deepfakes 🕴
📖 Read
via "Dark Reading: ".
Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.📖 Read
via "Dark Reading: ".
Dark Reading
Don't Fall for It! Defending Against Deepfakes
Detecting doctored media has become tricky -- and risky -- business. Here's how organizations can better protect themselves from fake video, audio, and other forms of content.
🔏 Friday Five 9/18 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
Campaign app bugs, VA data breaches, and IoT legislation - catch on the week's news with the Friday Five!📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five 9/18
Campaign app bugs, VA data breaches, and IoT legislation - catch on the week's news with the Friday Five!