Everything you need to know about CPU vulnerabilities like Zenbleed, Downfall, Inception, and more
CPU vulnerabilities have been all the rage lately, with Zenbleed and Downfall being two of the most recent. But how worried should you be?
CPU vulnerabilities have been in and out of the news in recent years, and their disclosures often come with a pretty scary message. In the case of Zenbleed and Downfall, it was that, under the right circumstances, any application on your computer could read the memory of any other running program. Sounds intense, right?
aCropalypse vulnerability can recover sensitive information previously removed from Pixel screenshots
A newly revealed vulnerability could reveal previously redacted details from screenshots if the edits were made using a Pixel device.
A new vulnerability revealed by researchers Simon Aarons and David Buchanan allows previously redacted details to be recovered from screenshots that were cropped or edited using the Markup tool on Google Pixel devices. The cause is that the edited image was written over the original file without truncating it, so any part of the original that extended beyond the new image stayed on disk after the new file's end. While the issue has been addressed in the March security patch, the problem remains in all the images and screenshots that were shared in the years before that patch.
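The quickest way to tell whether an edited PNG carries leftover data is to walk its chunk list and see whether anything follows the IEND chunk. The block below is an added example for this page, not code from the article or from the researchers: it builds two constructed PNGs (a larger "original" and a smaller "crop"), simulates the crop being written over the original without truncation, and reports the bytes left after IEND. The gradient fill and sizes are arbitrary choices for the sample data.

```python
"""Spot leftover image data after a PNG's IEND chunk.

Added example for this page; not code from the article or from the
researchers who reported the bug. It mimics the failure mode in the
text: a smaller edited PNG written over a larger original without
truncating the file, which leaves the original's tail after IEND.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk.

    Raises ValueError if the data is not a well-formed PNG up to IEND.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4  # 8-byte header + payload + 4-byte CRC
        if chunk_end > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        if ctype == b"IEND":
            return chunk_end
        pos = chunk_end
    raise ValueError("no IEND chunk found")


def trailing_bytes(data: bytes) -> int:
    """Bytes after IEND. A clean PNG gives 0; anything above 0 deserves a look."""
    return len(data) - png_end_offset(data)


def make_png(width: int, height: int) -> bytes:
    """Build a valid 8-bit RGB PNG with a gradient fill (constructed sample data)."""
    def chunk(ctype: bytes, payload: bytes) -> bytes:
        crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
        return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = []
    for y in range(height):
        row = bytearray(b"\x00")  # filter type 0 (None) for this scanline
        for x in range(width):
            row += bytes(((x * 7 + y * 13) & 0xFF, (x * 3) & 0xFF, (y * 5) & 0xFF))
        rows.append(bytes(row))
    idat = zlib.compress(b"".join(rows))
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def overwrite_without_truncate(original: bytes, edited: bytes) -> bytes:
    """The on-disk result of writing the edited image over the original in place
    with no truncation: the new bytes, then whatever the original had beyond them."""
    return edited + original[len(edited):]


if __name__ == "__main__":
    original = make_png(64, 64)   # constructed stand-in for the full screenshot
    cropped = make_png(8, 8)      # constructed stand-in for the cropped version
    on_disk = overwrite_without_truncate(original, cropped)
    print("clean crop, bytes after IEND:", trailing_bytes(cropped))
    print("crop saved over original, bytes after IEND:", trailing_bytes(on_disk))
```

Running `trailing_bytes` over a folder of previously shared screenshots is a cheap triage step: a clean export from any editor yields 0, while a file saved by the affected Markup builds reports the size of the original's leftover tail. The check only says that something is there; whether it decodes to a usable image depends on how much of the original survived.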
Here's how you can get system shell access on any Samsung Galaxy device
Without unlocking the bootloader or tripping Knox!
On the first Monday of every month, Google publishes the Android Security Bulletin. It discloses the security vulnerabilities mitigated across the various components of the Android OS and the Linux kernel up to that date, along with the patches submitted by Google or by third parties. Large OEMs like Samsung have their own take on Android, so they roll their own patches for their additions into their security updates as well.
New Unisoc vulnerability affects the Moto G20, Moto E30, and Moto E40
A new vulnerability has been found that could affect smartphones featuring the Unisoc T700 SoC. The models affected are Moto G20, Moto E30, and Moto E40.
Check Point Research (CPR), a cyber threat intelligence group, has published details of a vulnerability it discovered in phones powered by the Unisoc Tiger T700 SoC. While you might not be familiar with the processor, it powers a number of phones from Motorola, including the Moto G20, Moto E30, and Moto E40.
PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the Samsung Galaxy S22 and Google Pixel 6 Pro
The infamous "Dirty Pipe" vulnerability can be exploited on the Samsung Galaxy S22 and the Google Pixel 6 Pro to gain root shell access.
What happens when a Linux privilege-escalation vulnerability that also affects Android gets disclosed publicly? You got it! Security researchers and Android enthusiasts around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain elevated access to your device (such as root or the ability to flash custom images). On the other hand, device makers and a few determined third-party developers quickly take on the responsibility of patching the hole as soon as possible.
Linux kernel bug dubbed 'Dirty Pipe' can lead to root access, affects Android devices as well
Dirty Pipe is a newly discovered Linux flaw that can be exploited to gain root access. The bug also affects certain Android phones. Read on!
One of the strongest points of the Linux kernel has always been its open source nature, which allows stakeholders to fork, modify and redistribute it in a way that suits their particular needs. But that very advantage is a double-edged sword when it comes to unpatched security vulnerabilities and the exploitable scenarios they create. While developers and big-name OEMs are hard at work enhancing the overall security of the Linux ecosystem (which also includes Android), new vulnerabilities and exploits keep popping up and slipping under the radar. The mistake this time, unfortunately, seems to be quite serious.
OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe
The OnePlus Nord 2 has a vulnerability that allows an attacker to get unrestricted root shell access. Read on to know more!
A lot of us here at XDA-Developers originally started browsing the forums for the first time when we were looking to root our Android devices. Back in those days, people often relied on "one-click root" methods: apps or scripts carrying payloads that targeted known privilege escalation vulnerabilities in the device's firmware to gain root access. With improvements and changes to encryption, permissions, and privacy-related handling, modern Android devices are relatively safe from such attack vectors, but there will always be scope for exploits and vulnerabilities.
Qualcomm modem flaw affects 30% of all phones; lets attackers record phone calls
Security researchers have discovered a new flaw in Qualcomm's Mobile Station Modem that affects around 30% of all Android phones.
Israeli security firm Check Point Research has discovered a flaw in Qualcomm's Mobile Station Modem (MSM) that affects millions of Android phones worldwide. The firm claims that attackers can exploit the vulnerability to gain access to your text messages and phone calls and, in some cases, even unlock your SIM card.
This WhatsApp vulnerability is pretty stupid, but it can lock you out of your account indefinitely
Security researchers have found a new WhatsApp vulnerability that allows attackers to easily lock you out of your account.
Security researchers have found a new vulnerability in WhatsApp that may prompt more users to quit the Facebook-owned messaging service. Malicious actors can easily exploit this vulnerability to lock you out of your WhatsApp account indefinitely, making it more than just a minor inconvenience for the messenger's 2 billion+ users. But that's not the worst part.
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
Devices with MediaTek chipsets have a BROM (boot ROM) that normally loads the preloader executable, which then boots Android, but it also offers an alternative boot mode known as Download mode. That mode is intended strictly for OEM servicing and can be used to unbrick a device, much like Qualcomm's Emergency Download Mode (EDL). MediaTek's proprietary "SP Flash Tool" uses this interface to force-flash the system software on a device. Since the low-level Download mode effectively has full control over the device's storage, many OEMs, including Xiaomi and Realme, have started gating the flashing process behind authentication. Because of this, firmware flashing via Download mode can only be performed with a signed "Download Agent" program authorized by the corresponding OEM, which essentially means you can't flash or unbrick your own smartphone unless the device maker permits it.
PSA: If you use ShareIt on Android, you should probably look for alternatives
Cybersecurity giant Trend Micro has discovered glaring security vulnerabilities in the ShareIt app on Android which put your sensitive data at risk.
If you're using the ShareIt app on your phone, you may want to uninstall it right away. Cybersecurity giant Trend Micro has discovered glaring security vulnerabilities in the file-sharing app that can be "abused to leak a user's sensitive data and execute arbitrary code with ShareIt permissions."
PSA: If your PC runs Linux, you should update Sudo now
Researchers at Qualys have discovered a security vulnerability in the Sudo program that can be exploited to gain root access on Linux PCs!
Despite the fact that tens of thousands of contributors actively pore over the source code of the Linux kernel and various Unix utilities looking for security flaws, it's not unheard of for serious bugs to go unnoticed. Just a day ago, the folks over at Qualys revealed a heap-based buffer overflow in the "Sudo" program that can be exploited to gain root access. The bug is quite serious, and it has existed in the codebase for almost 10 years: Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 are affected, and 1.9.5p2 fixes it. Although the privilege escalation vulnerability has already been patched upstream, it can be exploited on nearly every Linux distribution and several Unix-like operating systems that have not yet picked up the fix.
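Before and after updating, the practical question is whether the sudo on a given box is actually affected. The block below is an added example for this page, not code from the article or from Qualys; it wraps the behavioural check Qualys published with its advisory (as a non-root user, run `sudoedit -s /`: a vulnerable sudo answers with an error starting "sudoedit:", a patched one with "usage:") and adds a version-range check as a second signal. The version ranges are the ones from the advisory; the five-second timeout is an arbitrary choice.

```python
"""Probe the installed sudo for the Qualys heap-overflow bug.

Added example for this page, not code from the article or from Qualys.
It applies the check Qualys published with the advisory: as a non-root user,
run `sudoedit -s /`. A vulnerable sudo prints an error starting with
"sudoedit:", a patched one prints one starting with "usage:". A version
check is included as a second signal, but distributions backport fixes
without bumping the version, so the behavioural probe is the one to trust.
"""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Affected ranges from the Qualys advisory (legacy 1.8.2 - 1.8.31p2, stable 1.9.0 - 1.9.5p1).
AFFECTED_RANGES = (
    ((1, 8, 2, 0), (1, 8, 31, 2)),
    ((1, 9, 0, 0), (1, 9, 5, 1)),
)


def parse_sudo_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch, p-level) from `sudo --version` output."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def version_in_affected_range(version: Version) -> bool:
    """Tuple comparison handles the pN suffix as a fourth component."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def classify_probe_output(stderr: str) -> str:
    """Map the first line of `sudoedit -s /` stderr to a verdict."""
    lines = stderr.strip().splitlines()
    first = lines[0] if lines else ""
    if first.startswith("sudoedit:"):
        return "vulnerable"
    if first.startswith("usage:"):
        return "patched"
    return "unknown"


def probe_local_sudo(timeout: float = 5.0) -> str:
    """Run the behavioural probe against the installed sudoedit."""
    try:
        proc = subprocess.run(
            ["sudoedit", "-s", "/"],
            capture_output=True, text=True, timeout=timeout,
            stdin=subprocess.DEVNULL,  # never sit on a password prompt
        )
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"  # sudoedit missing, not executable, or hung
    return classify_probe_output(proc.stderr)


def local_sudo_version(timeout: float = 5.0) -> Optional[Version]:
    """Read the version string from `sudo --version`, or None if unavailable."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return parse_sudo_version(out.stdout)


if __name__ == "__main__":
    print("behavioural probe:", probe_local_sudo())
    v = local_sudo_version()
    if v is None:
        print("version: could not determine")
    else:
        status = "inside affected range" if version_in_affected_range(v) else "outside affected range"
        print("version:", ".".join(map(str, v[:3])) + (f"p{v[3]}" if v[3] else ""), status)
```

Run it as an ordinary user; the probe never needs the sudo password because the affected code path runs before authentication. Treat an "unknown" verdict as a reason to look at the raw stderr rather than as a pass.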
Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months
A critical flaw affecting MediaTek chipsets went unpatched in devices due to OEM neglect. Google hopes the March 2020 Android Security Bulletin will fix this.
On the first Monday of every month, Google publishes the Android Security Bulletin, a page that discloses all the security vulnerabilities and their patches submitted by Google themselves or other third parties. Today was no exception: Google just made public the Android Security Bulletin for March 2020. One of the vulnerabilities documented in the latest bulletin is CVE-2020-0069, a critical privilege escalation vulnerability affecting millions of devices with chipsets from MediaTek, the large Taiwanese chip design company; a publicly available exploit for it grants root access. Although the March 2020 Android Security Bulletin is seemingly the first time that CVE-2020-0069 has been publicly disclosed, details of the exploit have actually been sitting openly on the Internet, more specifically on the XDA-Developers forums, since April of 2019. Despite MediaTek making a patch available a month after discovery, the vulnerability is still exploitable on dozens of device models. Even worse, the vulnerability is actively being exploited by hackers. Now MediaTek has turned to Google to close this patch gap and secure millions of devices against this critical flaw.
Google Camera and Samsung Camera apps exposed camera and video intents to third-party apps
Google Camera and the Samsung Camera apps exposed their Camera and Video intents to third-party apps, giving rise to a permission bypass vulnerability.
When compared to iOS, Android provides applications a lot of ways to interact with each other, enabling developers to build some of the more common Android features we have come to expect and love. This is made possible thanks to Android's Intent system, which allows any app to send any intent it wants, and allows receiver apps to handle these intents in creative ways. But as it turns out, the Google Camera app and the Samsung Camera app left their camera and video intents exposed to third-party apps, which leaves the door open for misuse by bypassing critical permissions, as demonstrated by the security researchers at Checkmarx.
Huawei opens a Vulnerability Reward Program with a max payout of ~$143,000
Huawei has opened up the vulnerability reward program, which has a maximum payout of around $143,000 depending on the severity of a vulnerability.
Mobile security is important for a number of reasons, not least because most of our personal lives now reside on our smartphones. From photographs to social media, anybody with malicious access to your device could, in theory, cause a number of problems in your life. That's why it's important to make sure you have the latest security patches and to be sure not to install anything that could steal your data or damage your phone. While some vulnerabilities are in AOSP, others may be in the custom software used by device OEMs, like EMUI. As such, Huawei has opened up a vulnerability reward program in partnership with 360 Mobile Security, with a maximum payout of RMB 1 million (roughly $143,000) should a reported vulnerability be deemed serious enough.
Fortnite Installer could be abused to silently install apps on Galaxy phones
Fortnite Mobile on Android's installer app was exploitable in its first release. It could be abused to silently install any app on Samsung Galaxy phones.
The launch of Fortnite Mobile on Android hasn't been too great, especially since many of the supported devices really struggle to play the game with acceptable frame rates. The game launched as a Samsung Galaxy exclusive for only 3 days. The Fortnite Installer was first available on Samsung Galaxy Apps before Epic Games allowed non-Samsung players to download and install the full game from the Fortnite Installer obtained on Epic's website. Shortly after the Fortnite Installer became available, Epic Games quietly pushed an update to the Installer. Now we know why: they patched a Man-in-the-Disk exploit that made it possible for a malicious app to silently install any app it wanted on Samsung Galaxy smartphones. Because there has been some confusion about how this flaw works, we'll try to clear things up. First, we need to explain the basics of app installation on Android.
[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)
A serious vulnerability in the OnePlus 6 bootloader has been discovered. This exploit, which requires physical access, bypasses all security measures.
The OnePlus 6 was made official in the middle of last month. The device has only recently started to make its way into the hands of consumers and developers on our forums, and already we're hearing about the work that's being done. An official build of TWRP is already available and work is progressing nicely on an unofficial LineageOS 15.1 GSI. The OnePlus 6 isn't only receiving attention from users interested in the device for their personal use or projects, however, as security researchers are starting to take a closer look at the device to see what they can find.
Janus Vulnerability Allows Attackers to Modify Apps without Affecting their Signatures
The Janus vulnerability allows attackers to modify apps without affecting their signatures. It was discovered by GuardSquare and has been fixed by Google.
Android is installed on a huge number of devices, and that makes it a target for malicious attackers. Vulnerabilities in Google's mobile operating system continue to be discovered every month, but the good news is that Google is usually diligent about fixing them in regular security patches, which are then offered to OEMs, who in turn ship them to devices.
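The Janus technique works by prepending a DEX file to an already signed APK: the ZIP structure of an APK is located from the end-of-central-directory record at the end of the file, so the entries and their v1 (JAR) signatures still verify, while the Android runtime inspects the magic at offset 0 and loads the attacker's DEX instead of the signed one. The block below is an added example for this page, not code from the article, GuardSquare or Google: it constructs a placeholder APK and a Janus-style polyglot from it, then flags any file that is both a DEX (by magic) and a ZIP that passes its own integrity checks. The DEX header used for the sample is a zero-filled stand-in carrying only the magic.

```python
"""Detect Janus-style DEX/APK polyglots.

Added example for this page; not code from the article, GuardSquare or
Google. A Janus file starts with a DEX header and ends with a complete
ZIP (APK). The check flags a file that is both. Sample files are
constructed in the block; the DEX header is a zero-filled stand-in with
only the magic set.
"""
import io
import zipfile

# Magic of the DEX versions Android has shipped (035, 037, 038, 039).
DEX_MAGICS = tuple(b"dex\n" + ver + b"\0" for ver in (b"035", b"037", b"038", b"039"))
DEX_HEADER_SIZE = 0x70


def starts_with_dex(data: bytes) -> bool:
    """True if the first bytes are a DEX magic, which is what the runtime looks at."""
    return any(data.startswith(magic) for magic in DEX_MAGICS)


def is_valid_zip(data: bytes) -> bool:
    """True if the bytes parse as a ZIP whose entries all pass their CRC checks.

    zipfile locates the archive from the end-of-central-directory record, so
    prepended bytes do not stop it, just as they did not stop the v1 check.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False


def is_janus_polyglot(data: bytes) -> bool:
    """A file that is simultaneously a DEX (by magic) and an intact ZIP."""
    return starts_with_dex(data) and is_valid_zip(data)


def zip_entry_names(data: bytes) -> list:
    """The entries a ZIP-based (v1) verifier would see, prepended data or not."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def make_sample_apk() -> bytes:
    """Constructed stand-in for a signed APK: a ZIP with a DEX and a manifest entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"original application code (placeholder)")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


def make_fake_dex_header() -> bytes:
    """A DEX-sized header carrying only the magic; stands in for an attacker's DEX."""
    return DEX_MAGICS[0] + b"\0" * (DEX_HEADER_SIZE - len(DEX_MAGICS[0]))


def build_janus_sample() -> bytes:
    """Attacker's DEX in front, untouched signed APK behind it."""
    return make_fake_dex_header() + make_sample_apk()


if __name__ == "__main__":
    apk = make_sample_apk()
    janus = build_janus_sample()
    print("plain APK flagged:", is_janus_polyglot(apk))
    print("Janus sample flagged:", is_janus_polyglot(janus))
    print("entries the v1 check still sees:", zip_entry_names(janus))
```

The same check is a reasonable gate for any pipeline that ingests APKs from outside the Play Store. APK Signature Scheme v2, available from Android 7.0, signs the whole file rather than the ZIP entries, so a v2-only verification already rejects prepended data; the polyglot check matters for apps that still accept v1 signatures on older platforms.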
New Android Vulnerability Tricks Users Into Recording Their Screen
A new Android vulnerability discovered by MWR InfoSecurity details how apps can trick users to record their screens without their knowledge.
Android is on billions of devices worldwide, and new vulnerabilities are discovered every day. Now, an exploit discovered by MWR InfoSecurity details how applications on Android versions 5.0 through 7.1 can trick users into recording screen contents without their knowledge.
What we at XDA once envisioned as a proof-of-concept security vulnerability has now been confirmed by computer scientists at the Georgia Institute of Technology in Atlanta. The team details what they call "cloak and dagger" exploits, which can take over the UI of most versions of Android (including 7.1.2). Given its nature, it is difficult to fix and also difficult to detect.