Android Police

Articles Tagged:

vulnerability

23

Presidential alerts can be easily spoofed, thanks to LTE security vulnerabilities

Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the 'Presidential Alert,' a new category that can't be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers.

Read More
3

Mozilla patches zero-day vulnerability with Firefox 67.0.3 update [APK Download]

Firefox developer Mozilla has rolled out an update to the release channel of its browser app for Android that adds an important security fix. The update to version number 67.0.3 patches the critical zero-day flaw and protects users from potential attacks.

Read More
28

HMD Global investigating easily-fooled Nokia 9 fingerprint sensors

Owners of the Nokia 9 PureView have had a rough go with the in-display fingerprint sensor they've bought their phones — our Ryan Whitwam was not impressed with the fussing around and finger-jambing he had to do in order to achieve authentication. A software update last week was supposed to loosen up and get the sensor working as it should. But manufacturer HMD Global is now investigating a complaint saying that the phone is too loose, producing false positives from unknown fingers and even a packet of gum.

Read More
36

WhatsApp vulnerability could be used to spread fake news and scam users

Cybersecurity researchers from Check Point have unearthed a vulnerability in WhatsApp that could allow attackers to trick users by intercepting messages and editing the content. This opens up the possibility of scamming people and spreading misinformation.

Read More
21

Google Home and Chromecast can leak your location, but a fix is on the way

Google Homes and Chromecasts around the world will be quietly updated in the coming weeks with a patch for a rather serious issue. According to security researcher Craig Young from Tripwire, these devices have a vulnerability that could allow an attacker to find your geographic location if you have a Home or Chromecast on your network. That's a big problem, and Google almost didn't believe Young's bug report.

Read More
66

[Update: OnePlus promises a fix] OnePlus 6 bootloader vulnerability could allow anyone with physical access full control of your phone

One of the most elementary aspects of phone security is the idea of a locked bootloader, which is supposed to prevent a handset from flashing or booting arbitrary code, ostensibly keeping the software on the device secure. It's super basic—or, at least, it's supposed to be. Turns out, the OnePlus 6 will allow you to boot any arbitrary or modified image you choose, even on a locked bootloader. 

Read More
1

Harmony Hub had a vulnerability, but it's been patched in version 4.15.96

Over the past few days, we've covered an issue with the Harmony Hub not being able to control Sonos speakers' volume properly, which was followed by a fix with firmware 4.15.100. As it turns out, the issue occurred because Logitech may have rushed to release firmware version 4.15.96 for the hub to patch a vulnerability discovered by FireEye.

Read More
55

Tegra X1 processor vulnerability discovered, affects Nvidia Shield, Pixel C, and Nintendo Switch

The Tegra X1 is one of Nvidia's latest mobile processors, powering devices like the Nintendo Switch, Google Pixel C, and Nvidia Shield. It's not uncommon that vulnerabilities are discovered in SoCs, and that has just happened for the Tegra X1. Katherine Temkin and the ReSwitched hacking team have just released details about a security flaw, nicknamed 'Fusée Gelée,' that allows unauthenticated arbitrary code execution on devices using the Tegra chip.

Read More
10

Google publishes list of Chromebooks being patched against Meltdown vulnerability

One week ago, details about widespread vulnerabilities in modern processors became public. One variant, named 'Meltdown,' affected every modern Intel chip. Two other variants, collectively known as 'Spectre,' are known to affect chips from Intel, AMD, and ARM (at the very least). Most Google products are already protected against these threats, but now the company has made it easier to tell which Chromebooks are patched.

Read More
58

'Spectre' and 'Meltdown' CPU vulnerabilities become public, most Google products already protected

A report from The Register yesterday claimed that Windows and Linux developers were scrambling to fix a "fundamental design flaw in Intel's processor chips." The flaw theoretically allows any program to view the layout or contents of protected kernel memory areas, which often contain passwords, login keys, cached files, and other sensitive data. Even a web app could potentially read kernel-protected data.

Read More