#android

Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation.

By Deeba Ahmed The researchers have been tracking the malware campaign since November 2020. This is a post from HackRead.com Read the original post: Beware of Fake Facebook Profiles, Google Ads Pushing Sys01 Stealer

Categories: Android Categories: News Tags: Android Tags: 2023-03-05 Tags: RCE Tags: EoP Tags: CVE-2023-20951 Tags: CVE-2023-20954 Tags: CVE-2022-33213 Tags: CVE-2022-33256 Tags: CVE-2021-33655 The March security updates for Android include fixes for two critical remote code execution (RCE) vulnerabilities. Update as soon as you can! (Read more...) The post Update Android now! Two critical vulnerabilities patched appeared first on Malwarebytes Labs.

By Deeba Ahmed Security firm ESET’s cybersecurity researchers have shared their analysis of the world’s first UEFI bootkit being used in… This is a post from HackRead.com Read the original post: BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows

By Deeba Ahmed Currently, scammers are using DBatLoader malware loader to distribute Remcos RAT to businesses and institutions across Eastern Europe. This is a post from HackRead.com Read the original post: Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

Ubuntu Security Notice 5934-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

By Waqas An old version of the Shein app was found to be accessing and copying clipboard content on Android devices before being detected and reported by Microsoft to Google. This is a post from HackRead.com Read the original post: Microsoft Found Shein App Copying Clipboard Content on Android Phones

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576.