Android Police

Articles Tagged:

vulnerability

...

Google Home and Chromecast can leak your location, but a fix is on the way

Google Homes and Chromecasts around the world will be quietly updated in the coming weeks with a patch for a rather serious issue. According to security researcher Craig Young from Tripwire, these devices have a vulnerability that could allow an attacker to find your geographic location if you have a Home or Chromecast on your network. That's a big problem, and Google almost didn't believe Young's bug report.

Read More
...

[Update: OnePlus promises a fix] OnePlus 6 bootloader vulnerability could allow anyone with physical access full control of your phone

One of the most elementary aspects of phone security is the idea of a locked bootloader, which is supposed to prevent a handset from flashing or booting arbitrary code, ostensibly keeping the software on the device secure. It's super basic—or, at least, it's supposed to be. Turns out, the OnePlus 6 will allow you to boot any arbitrary or modified image you choose, even on a locked bootloader. 

Read More
...

Harmony Hub had a vulnerability, but it's been patched in version 4.15.96

Over the past few days, we've covered an issue with the Harmony Hub not being able to control Sonos speakers' volume properly, which was followed by a fix with firmware 4.15.100. As it turns out, the issue occurred because Logitech may have rushed to release firmware version 4.15.96 for the hub to patch a vulnerability discovered by FireEye.

Read More
...

Tegra X1 processor vulnerability discovered, affects Nvidia Shield, Pixel C, and Nintendo Switch

The Tegra X1 is one of Nvidia's latest mobile processors, powering devices like the Nintendo Switch, Google Pixel C, and Nvidia Shield. It's not uncommon that vulnerabilities are discovered in SoCs, and that has just happened for the Tegra X1. Katherine Temkin and the ReSwitched hacking team have just released details about a security flaw, nicknamed 'Fusée Gelée,' that allows unauthenticated arbitrary code execution on devices using the Tegra chip.

Read More
...

Google publishes list of Chromebooks being patched against Meltdown vulnerability

One week ago, details about widespread vulnerabilities in modern processors became public. One variant, named 'Meltdown,' affected every modern Intel chip. Two other variants, collectively known as 'Spectre,' are known to affect chips from Intel, AMD, and ARM (at the very least). Most Google products are already protected against these threats, but now the company has made it easier to tell which Chromebooks are patched.

Read More
...

'Spectre' and 'Meltdown' CPU vulnerabilities become public, most Google products already protected

A report from The Register yesterday claimed that Windows and Linux developers were scrambling to fix a "fundamental design flaw in Intel's processor chips." The flaw theoretically allows any program to view the layout or contents of protected kernel memory areas, which often contain passwords, login keys, cached files, and other sensitive data. Even a web app could potentially read kernel-protected data.

Read More
...

LastPass' 2FA Authenticator app found to be partially insecure, fix incoming

A few days back it was revealed by a security researcher in a post on Medium that the LastPass Authenticator app for 2FA key generation wasn't entirely secure. Access to the keys was ostensibly secured by a PIN/fingerprint, but a workaround was found that allows anyone with the ability to launch an activity on the device, including other installed applications, to access those codes. LastPass has fixed this problem in an update today.

Read More
...

'Janus' vulnerability allows attackers to modify APKs without changing signature, APKMirror already protected

Since the first release, Android has required developers to sign their applications. When you update an app, Android will compare the update's signature to the existing version. If they match, the app update will install. This way, developers don't have to worry about modified APKs causing problems, and users are kept secure.

Read More
...

BlueBorne vulnerability affected Google Home and Amazon Echos, but both have been patched

Vulnerabilities. There's a new flavor of the week every few days and in this highly connected world, it's tough to keep up, whether it's for users who don't know which of their devices are vulnerable and have/haven't been patched or for companies who are scrambling to fix one bug only to see the next one around the corner.

The BlueBorne vulnerability affected Bluetooth devices and could be exploited by hackers to completely take over a device with Bluetooth just turned on, without pairing with it first. Android patched it in September, but it appears that Amazon Echo and Google Home devices were left vulnerable for a while.

Read More
...

Toast overlay being used by malicious Android apps to install additional malware

Recently, Google has notified developers of apps that use Accessibility features for purposes other than helping users with disabilities to cease using those APIs or otherwise unpublish their app. The impetus for this move appears to be existence of (now removed) apps in the Play Store which use Accessibility features in conjunction with a vulnerability patched as part of the September security update to install malware.

Read More
Page 1 of 512345