Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activit…

How Attackers Could Hijack Your Android Camera to Spy on You

This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx.

Introduction: In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing …

NFC False Tag Vulnerability – CVE-2019-9295

Introduction: Security Aspects of Android. Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Li…

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers’ Interaction

Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state.

And when we s…

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world’s most widely used mobile operating system, Android.

What’s more? The Android zero-day vulnerability has also been found to be exploited in the wild…

Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days

Well, there’s some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide.

The zero-day buying and selling industry has recently taken a shift towards Andro…

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

When it comes to security updates, Android is a real mess.

Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patch…

ZipperDown: Remote Code Execution Attack on iOS Apps

On May 15, 2018, Pangu Lab announced the ZipperDown vulnerability, which allows a remote code execution attack on iOS apps. Although Pangu Lab did not disclose the details of the ZipperDown vulnerability, we can infer from its researcher’s public…

Popular Android Phone Manufacturers Caught Lying About Security Updates

The Android ecosystem is highly broken when it comes to security, and device manufacturers (better known as OEMs) make it even worse by not providing critical patches in time.

According to a new study, most Android vendors have been lying to users about s…

Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely

Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models.

Dubbed BroadPwn, the critical remote code exec…