VULNERABILITY Posts on XDA

Cloak And Dagger Exploit uses Overlays and Accessibility Services to Hijack the System

What we at XDA once envisioned as a proof of concept security vulnerability has now been confirmed by computer scientists at the Georgia Institute of Technology in Atlanta. The team details what they call "cloak and dagger" exploits which can take over the UI of most versions of Android (including 7.1.2). Given it's nature, it...

Vulnerability in Vibrator Service of Huawei P9 Plus Can Crash the System, Now Patched

In addition to Google's effort on patching exploits and vulnerabilities through the Android Monthly Security Update program, several OEMs have also been more upfront about disclosing any devices-specific vulnerabilities they find and patch. Huawei had previously found an Arbitrary Memory Read/Write vulnerability on the Mate 9 and Mate 9 Pro, which was subsequently patched through a...

Huawei’s Security Advisory Announces Fixes for Multiple Vulnerabilities

Similar to the Android security bulletins that Google, LG and Samsung have, Huawei is another company that keeps track of vulnerabilities that are reported to them. The company published three of these this week and they are possible on a combination of three smartphones that Huawei is currently selling. Fixes for these vulnerabilities will be...

OnePlus Assures Fix for OnePlus 3/3T Bootloader Vulnerability in Next OTA

Just yesterday, we highlighted a bootloader vulnerability that affected the OnePlus 3 and OnePlus 3T. This vulnerability made use of the fastboot mode on the device to toggle SELinux status from Enforcing to Permissive. This state toggle can be done on both bootloader locked and bootloader unlocked devices. The issue was further complicated by the absence...

OnePlus 3/3T Bootloader Vulnerability Allows Changing of SELinux to Permissive Mode in Fastboot

The OnePlus 3 and the OnePlus 3T are among the best phones you can purchase right now. While the upcoming flagships of 2017 are yet to be revealed to consumers, in their absence the OnePlus 3/3T dominate real world performance at an affordable price. But, if we are to be fair in assessing the device, we need to...

4G LTE Vulnerability Enables Eavesdropping on Conversations and all Data Traffic

For the privacy-minded readers on our forums, you probably steer clear of any open WiFi hotspot while you're out and about. If you're one of the lucky few who owns a select Nexus or Pixel device that is supported by Google's WiFi Assistant, then maybe you aren't so worried about using an unsecured network. But...

New Rowhammer Exploits use Hardware Vulnerabilities to Root LG, Samsung, and Motorola Devices

Google is constantly at war with hackers seeking to maliciously exploit security vulnerabilities in their products. Back in the middle of 2014, Google assembled a team of security analysts called 'Project Zero' to report zero-day exploits to the company so they can be patched before any nefarious third-party can take advantage of the undisclosed security hole....