Showing posts with label android. Show all posts
Severity Rating: HIGH
Systems Affected 
•Android Operating System versions prior to 10.0

Description
An Elevation of Privilege vulnerability named "StrandHogg 2.0" has been
reported in Google Android. It is caused by a confused deputy flaw in
"startActivities()" of "ActivityStartController.java", which allows an
attacker to hijack any app on an infected device. A local attacker could
exploit this vulnerability by installing a malicious app on the device,
which can then hide behind legitimate apps.

Successful exploitation of this vulnerability could allow the attacker to
gain access to the victim's login credentials, SMS messages, photos and phone
conversations, spy on the user through the phone's microphone and camera,
and track GPS location details on an affected device.

Best practices 
•Install updates and patches as and when they become available from device
vendors/service providers.
•Do not download and install applications from untrusted sources
[offered via unknown websites/links in unsolicited messages or emails].
Ensure that the "Unknown Source" option in the Security Settings
page is turned off. Install only applications downloaded from reputed
application markets.
•Do not visit untrusted websites or follow links provided by unknown
or untrusted sources.

Solution
Contact Device vendor or manufacturer for appropriate over-the-air updates 

Vendor Information
Android

References
Android
Promon
ThreatPost

CVE Name
CVE-2020-0096

Severity Rating: HIGH

Software Affected
Google Android versions 8.0, 8.1, 9, 10

Overview
Multiple vulnerabilities have been reported in Google Android which could
allow a remote attacker to execute arbitrary code, gain permissions without
authorization and access sensitive information on a targeted system.

Description
These vulnerabilities exist in Android framework, Media framework, System,
Kernel, Qualcomm components (Camera, Kernel, WLAN and Display) and other
Qualcomm closed source components of Google Android.  A remote attacker
could exploit these vulnerabilities by convincing the user to install a
crafted application. 

Successful exploitation of these vulnerabilities could allow the attacker to
execute arbitrary code, gain permissions without authorization and access
sensitive information on the targeted system.

Solution
Apply appropriate over-the-air updates as mentioned by various device
manufacturers.

Vendor Information
Android

References
CISecurity

oid-os-could-allow-for-arbitrary-code-execution_2020-073/

CVE Name
CVE-2020-0114
CVE-2020-0115
CVE-2020-0121
CVE-2020-0118
CVE-2020-0113
CVE-2020-0117
CVE-2020-8597
CVE-2020-0116
CVE-2020-0119
CVE-2019-2219
CVE-2019-9460
CVE-2020-8647
CVE-2020-8648
CVE-2020-8428
CVE-2017-9704
CVE-2019-14047
CVE-2020-3665
CVE-2019-14073
CVE-2019-14080
CVE-2019-10597
CVE-2019-14062
CVE-2019-14076
CVE-2020-3614
CVE-2020-3626
CVE-2020-3628
CVE-2020-3635
CVE-2020-3642
CVE-2020-3658
CVE-2020-3660
CVE-2020-3661
CVE-2020-3662
CVE-2020-3663
CVE-2020-3676
