Android Police

Articles Tagged: vulnerability


Google publishes list of Chromebooks being patched against Meltdown vulnerability

One week ago, details about widespread vulnerabilities in modern processors became public. One variant, named 'Meltdown,' affected every modern Intel chip. Two other variants, collectively known as 'Spectre,' are known to affect chips from Intel, AMD, and ARM (at the very least). Most Google products are already protected against these threats, but now the company has made it easier to tell which Chromebooks are patched.


'Spectre' and 'Meltdown' CPU vulnerabilities become public, most Google products already protected

A report from The Register yesterday claimed that Windows and Linux developers were scrambling to fix a "fundamental design flaw in Intel's processor chips." The flaw theoretically allows any program to view the layout or contents of protected kernel memory areas, which often contain passwords, login keys, cached files, and other sensitive data. Even a web app could potentially read kernel-protected data.


LastPass' 2FA Authenticator app found to be partially insecure, fix incoming

A few days back it was revealed by a security researcher in a post on Medium that the LastPass Authenticator app for 2FA key generation wasn't entirely secure. Access to the keys was ostensibly secured by a PIN/fingerprint, but a workaround was found that allows anyone with the ability to launch an activity on the device, including other installed applications, to access those codes. LastPass has fixed this problem in an update today.


'Janus' vulnerability allows attackers to modify APKs without changing signature, APKMirror already protected

Since the first release, Android has required developers to sign their applications. When you update an app, Android will compare the update's signature to the existing version. If they match, the app update will install. This way, developers don't have to worry about modified APKs causing problems, and users are kept secure.


BlueBorne vulnerability affected Google Home and Amazon Echos, but both have been patched

Vulnerabilities. There's a new flavor of the week every few days and in this highly connected world, it's tough to keep up, whether it's for users who don't know which of their devices are vulnerable and have/haven't been patched or for companies who are scrambling to fix one bug only to see the next one around the corner.

The BlueBorne vulnerability affected Bluetooth devices and could be exploited by hackers to completely take over a device with Bluetooth just turned on, without pairing with it first. Android patched it in September, but it appears that Amazon Echo and Google Home devices were left vulnerable for a while.


Toast overlay being used by malicious Android apps to install additional malware

Google recently notified developers whose apps use Accessibility features for purposes other than helping users with disabilities that they must stop using those APIs or unpublish their apps. The impetus for this move appears to be the existence of (now removed) apps in the Play Store that used Accessibility features in conjunction with a vulnerability patched as part of the September security update to install malware.


Samsung's new Mobile Security Rewards Program will award researchers up to $200,000 per vulnerability discovered

Many companies give out rewards for vulnerabilities found in their software, and Samsung is now joining those ranks. The Korean tech company's Mobile Security Rewards Program has just gone public, enabling security researchers to receive awards of up to $200,000 per bug found.


Major security vulnerability found in VLC, Kodi, and other media players, Kodi for Android already patched

What's worse than a security vulnerability in a widely-used program? A security vulnerability in several widely-used programs. Researchers from Check Point Software Technologies have uncovered a flaw in a handful of media players (including VLC, Kodi, Stremio, and PopcornTime) that allows hackers to run executable code through subtitle files.


Broadcom WiFi vulnerability allows remote code execution, affects almost all Android devices

We of a certain age remember the days before WiFi was widespread. It sucked. Now, there's a wireless network on every corner bringing you all the wonders (and horrors) of the internet. They can also bring you something else: hacks. A researcher from Google's Project Zero security team has revealed an exploit for Broadcom WiFi chips that can allow an attacker to execute code on your device. They just have to be on the same WiFi network as you.


An Israeli security researcher takes a good look at Samsung's Tizen, labels it the worst code he has ever seen

Android is a hulking beast as far as global user share is concerned — hell, it's the most-used operating system in the world, surpassing even Windows (in terms of internet usage). When Samsung announced that it was creating its own open-source alternative to Google's mobile OS, it was not really a surprise. We've had several upstarts over the years, like Sailfish, Firefox OS, Ubuntu Touch, and so on, but all of them have failed in some form or another. There were a few people, however, who thought Sammy could be the one to unseat Google and Android with a mobile operating system that it called Tizen.
