VULNERABILITY Posts on XDA

New Unisoc vulnerability affects the Moto G20, Moto E30, and Moto E40

Check Point Research (CPR), a cyber threat intelligence group has provided information about a vulnerability that it has discovered. The vulnerability was found in phones powered by a Unisoc Tiger T700 SoC. While you might not be familiar with the processor, it powers a number of phones from Motorola including the Motorola Moto G20, Moto...

PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the Samsung Galaxy S22 and Google Pixel 6 Pro

What happens when a Linux privilege-escalation vulnerability that also affects Android gets disclosed publicly? You got it! Security researchers and Android enthusiasts around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain advanced access to your device (such as root or the ability...

Linux kernel bug dubbed ‘Dirty Pipe’ can lead to root access, affects Android devices as well

One of the strongest points of the Linux kernel has primarily been its open source nature, which allows stakeholders to fork, modify and redistribute it in a way that suits their particular needs. But this very advantage of being open source acts like a double-edged sword when it comes to the existence of unpatched security...

OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe

A lot of us here at XDA-Developers originally started browsing the forums for the first time when we were looking to root our Android devices. Back in those days, people often relied on "one-click root" methods: Apps or scripts containing payloads that target known privilege escalation vulnerabilities of the existing firmware to gain root access....

Qualcomm modem flaw affects 30% of all phones; lets attackers record phone calls

Israeli security firm Check Point Research has discovered a flaw in Qualcomm's Mobile Station Modem that affects millions of Android phones worldwide. The firm claims that hackers can exploit the vulnerability and gain access to your text messages, phone calls and, in some cases, even unlock your SIM card. Check Point's report reveals that the Mobile...

This WhatsApp vulnerability is pretty stupid, but it can lock you out of your account indefinitely

Security researchers have found a new vulnerability in WhatsApp that may prompt more users to quit the Facebook-owned messaging service. Malicious actors can easily exploit this vulnerability to lock you out of your WhatsApp account indefinitely, making it more than just a minor inconvenience for the messenger's 2 billion+ users. But that's not the worst...

It’s now easy to bypass MediaTek’s SP Flash Tool authentication

Devices with MediaTek chipsets have a BROM (boot read-only memory), which typically loads the preloader executable and subsequently boots the Android system, but also houses an alternative boot mode known as Download mode. It is strictly intended for OEM servicing and can be used to unbrick a device, just like Qualcomm’s Emergency Download Mode (EDL). A MediaTek-made...

PSA: If you use ShareIt on Android, you should probably look for alternatives

If you're using the ShareIt app on your phone, you may want to uninstall it right away. Cybersecurity giant Trend Micro has discovered glaring security vulnerabilities in the file-sharing app that can be "abused to leak a user's sensitive data and execute arbitrary code with ShareIt permissions." In a report on the matter, Trend Micro has...

PSA: If your PC runs Linux, you should update Sudo now

Despite the fact that tens of thousands of contributors actively pore over the source code of the Linux kernel and various Unix utilities looking for security flaws, it's not unheard of for serious bugs to go unnoticed. Just a day ago, the folks over at Qualys revealed a new heap-based buffer overflow attack vector that...

Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months

On the first Monday of every month, Google publishes the Android Security Bulletin, a page that discloses all the security vulnerabilities and their patches submitted by Google themselves or other third-parties. Today was no exception: Google just made public the Android Security Bulletin for March 2020. One of the vulnerabilities that are documented in the...

Google Camera and Samsung Camera apps exposed camera and video intents to third-party apps

When compared to iOS, Android provides applications a lot of ways to interact with each other, enabling developers to build some of the more common Android features we have come to expect and love. This is made possible thanks to Android's Intent system, which allows any app to send any intent it wants, and allows...

Google now pays more for disclosing vulnerabilities in Chrome, Chrome OS, and some Play Store apps

One of the hardest aspects of maintaining a cross-platform product is ensuring its security. Vulnerabilities can be exploited on various platforms in various scenarios, and it's almost impossible for literally any company's security department to fix all of them on their own. That's why companies often use vulnerability disclosure rewards programs, which basically means giving...