Android Police

Articles Tagged:

vulnerabilities

Google Promises A Stagefright Security Update For Nexus Devices Starting Next Week

So you might have heard about the Stagefright vulnerability that was published yesterday. While there's no evidence of a widely-used hack, the potential for malicious MMS attacks via Android's built-in media handling system (which could theoretically affect the majority of Android devices currently in operation) is certainly cause for concern. As reported on our original post, Google has known about the vulnerability since April and has been working on patches to fix the problem.


[New App] Bluebox Heartbleed Scanner Can Help You Discover An OpenSSL Vulnerability On Your Device

The Internet has been abuzz over the recently discovered Heartbleed bug. If you're not already familiar, Heartbleed is a vulnerability in the OpenSSL software library that allows an attacker to steal data directly from the memory space of an application and learn the private keys used to keep data securely encrypted as it travels over the Internet. The implications of this kind of leak are certainly severe, and it has everybody rushing to either install updates that fix the bug or implement workarounds to disable it.


SuperSU Security Advisory: Update To Version 1.69 (Available Now) To Avoid Potential Exploits

If you're a root user, listen up. Chainfire updated SuperSU to v1.69 as of last night, which fixes two exploits that could allow an attacker to leverage root privileges without first prompting the user. Probably nothing to get overly anxious about, but it's definitely a good idea to make sure you're running the latest. Details of these exploits will be released next Monday, so you'll want to grab the update before then.


[Security] Vulnerability In Firefox For Android Discovered That Allows Hackers To Steal Files From The SD Card And Firefox's Privately Stored Data [Update]

The security of our mobile apps and private data is a very serious matter. This is particularly true for high value targets like web browsers, which often store login credentials that can be used to access many of the websites we use on a regular basis. Unfortunately, browsers are also very complicated applications with an extensive set of features that are difficult to lock down completely. Sebastián Guerrero Selma of viaForensics recently posted a video demonstrating a newly discovered vulnerability in Firefox for Android which would allow hackers to access both the contents of the SD card and the browser's private data.


CyanogenMod 10.1.2 Is Another Small Security Update, Patches Second Master Key APK Vulnerability

Second verse, same as the first. Two days ago the CyanogenMod ROM team announced a security update to the CM 10.1 platform, incorporating the "Master Key" security patch that Google had already issued back in February. Yesterday another, more intricate exploit in the same vein was posted by a Chinese blog, and again, Google has rapidly moved to patch the problem in Android... which won't be much comfort to those running an older release.


Second "Master Key" Style APK Exploit Is Revealed Just Two Days After Original Goes Public, Already Patched By Google

Hot on the heels of Bluebox's disclosure of the "Master Key" exploit, a Chinese blog has posted details of a similar vulnerability. This attack also sidesteps a bug in the signature verification step and allows seemingly innocent APKs to include a potentially dangerous payload; and like its brethren, Google has already patched the flaw and posted it to the Android Open Source Project (AOSP). The information comes to us from a China-based group (or possibly individual) calling itself the Android Security Squad.


CyanogenMod 10.1.1 Stable Rolling Out Now With Security Fixes For Master Key And More

While most Android users are waiting on updates that might patch some of the recently reported security holes, CyanogenMod is already getting a bug fix update out the door. CyanogenMod 10.1.1 is now hitting the stable channel for all supported devices.

The Master Key exploit will be presented by Jeff Forristal at Black Hat 2013 as "One Root To Own Them All." It's essentially a bug in signature verification which can be used to insert malicious code into an APK.


Dan Rosenberg: 'I See This As The End Of An Era For Motorola Rooting And Modding'

When it comes to root and mod action on Motorola devices from the last couple of years, all eyes turn to brilliant Android hacker Dan Rosenberg. Since the Droid 3 was released two years ago, Rosenberg has successfully found root exploits for every Motorola device, including the D3, Bionic, RAZR, Droid 4, Xoom 2, Atrix HD, RAZR HD, and RAZR M. Add to that the fact he just released a tool that unlocks the bootloaders on the most modern Moto phones (RAZR HD, M, and Atrix HD), and it's not hard to see why he's such an important part of the Motorola modding community.


Secunia PSI Is A Tech Preview Of A 'Security' App That Scans A Few Other Apps And Gives You Useless Information

There are a lot of security apps for Android that go a little ways into overkill territory. Whether you're talking about superfluous task managers or "virus scanners" that may provide some minimal protection while generating more fear than is warranted, Android has a persistent problem with companies applying a Windows-era mentality on a completely different OS. Secunia PSI, however, takes the cake for being one of the least effective apps on the Play Store.


[Update: Not Just Samsung] Exploit Could Force Factory Reset On Many Android Phones

Update 2: This exploit probably won't work on most Galaxy S III's as long as they have the most recent OTA update, as we demonstrate on video here.

Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected.