Android
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs
Multiple vulnerabilities in Google's Android SDK
*Advisory Information*
Title: Multiple vulnerabilities in Google's Android SDK
=============================================================
Android Browser Cross-Application Scripting (CVE-2011-2357)
=============================================================
1) Background
--------------
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, Android's browser application holds sensitive
information such as cookies, cache and history, and this cannot be accessed by
#2009-014 Android denial-of-service issues
Description:
Android, an open source mobile phone platform, is affected by two bugs
that lead to denial-of-service (DoS) conditions.
Two separate DoS issues have been independently reported to oCERT.
Title: HTC / Android OBEX FTP Service Directory Traversal

Author: Alberto Moreno Tablado

Vendor: HTC

Products:

- HTC devices running Android 2.1

- HTC devices running Android 2.2
References: http://www.seguridadmobile.com/android/android-security/HTC-Android-OBEX-FTP-Service-Directory-Traversal.html
Summary:
HTC devices running Android 2.1 and Android 2.2 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and read arbitrary files, via a ../ in a pathname.
February 1, 2012
--------------------------------------------------------------------------------
Subject
--------------------------------------------------------------------------------
802.1X password exploit on many HTC Android devices
--------------------------------------------------------------------------------
Abstract
--------------------------------------------------------------------------------
-----Original Message-----
From: Security Mailing List <s3clist@hotmail.com>
Date: Thu, 15 Mar 2012 10:33:19
To: Zach C.<fxchip@gmail.com>
Cc: <bugtraq@securityfocus.com>
Subject: Re: Android wireless accepts fake response (No interaction requires)
(Vulnerability ?)
You are not wrong. However, in this case, the point is to capture "WPA
handshake"(not WPA key) in order to brute-force for WPA key. This attack
____
From: Security Mailing List [s3clist@hotmail.com]
Sent: Monday, March 12, 2012 2:25 AM
To: bugtraq@securityfocus.com
Subject: Android wireless accepts fake response (No interaction
requires) (Vulnerability ?)
## Android wireless accepts fake response (No interaction requires)
(Vulnerability ?) ##
physical security is so strict, I cannot find my way to the area a
legitimate access point covers. I can change my attack vector to wait
for my client's employees to buy some coffee at the ground floor and,
therefore, I can steal "WPA handshake" for the employees. Then, I need
to spend some time cracking for WPA key. If I successfully crack the
key, I, now, can connect with Android devices of my client's employees
and they might think that they are connecting with their very powerful
access points of their workplace. At this point, I could launch
karmetasploit-style attacks in order to get malware into the device.
Every process here does not require me to get network my client's networks.
## Android wireless accepts fake response (No interaction requires)
(Vulnerability ?) ##
:: Description ::
I have found an Android device behavior which I deem inappropriate.
I am not sure if it can be classified as a vulnerability. The problem
appears when an Android device has connected to hidden SSID wireless
networks. The default behavior of most OSes is to shout out to see if
1 Background
============
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, the Browser application holds sensitive information
such as cookies, cache and history, and this cannot be accessed by third-party
apps, while the Google Talk application stores contacts and conversations. An
Android app may request specific privileges during its installation; if granted
by the user, the app's capabilities are extended.
#2009-006 Android improper package verification when using shared uids
Description:
Android, an open source mobile phone platform, improperly checks developer
certificates when installing packages that request the shared user identifier
(uid) permission.
Normally, Android applications will be allowed to share a uid if the
packages are all signed by the same developer certificate and request
Trustwave's SpiderLabs Security Advisory TWSL2011-008:
Focus Stealing Vulnerability in Android
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-008.txt
Published: 2011-08-06
Version: 1.0
Vendor: Google http://www.android.com/
Product: Android
#2009-011 Android improper camera and audio permission verification
Description:
Android, an open source mobile phone platform, improperly checks permissions
when applications access the camera and audio resources.
The permissions are Manifest.permission.CAMERA and
Manifest.permission.AUDIO_RECORD respectively.
1 Background
=============
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, Opera Mobile holds sensitive information such as
cookies, cache and history, and this cannot be accessed by third-party apps. An
Android app may request specific privileges during its installation; if granted
by the user, the app's capabilities are extended.
One mechanism which Android uses in order to implement the sandbox, is running
1 Background
============
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, the Dolphin browser application holds sensitive
information such as cookies, cache and history, and this cannot be accessed
by third-party apps. An Android app may request specific privileges during
its installation; if granted by the user, the app's capabilities are extended.
Intents are used by Android apps for intercommunication. These objects can be
VSR Security Advisory
http://www.vsecurity.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: HTC IQRD Android Permission Leakage
Release Date: 2012-04-20
Application: IQRD on HTC Android Phones
Author: Dan Rosenberg <drosenberg (at) vsecurity.com>
Vendor Status: Patch Released
CVE Candidate: CVE-2012-2217
potentially, arbitrary code execution due to heap corruption.
Patches have been made available by PacketVideo:
http://ocert.org/patches/2009-002/opencore_mp3_dec.patch
http://review.source.android.com/Gerrit#change,8815
Affected version:
OpenCore <= 2.0
We have discovered that the "wipe" function on Android does not reliably
delete data on all devices. On a Nexus S running Android 2.3.6, we were
able to recover user data after running a "wipe" both using the "factory
data reset" from the menu and by wiping the device from recovery.
To recover data, the device must be rooted. This can be done after the
wipe by using e.g. the zergRush root exploit. (Note that the official
way which includes unlocking the bootloader must not be used - that one
does securely wipe the memory).
http://www.majorsecurity.info
Affected Products:
============
Motorola Milestone(Droid) smartphone Browser with following useragent:
Mozilla/5.0 (Linux; U; Android 2.0; de-de; Milestone Build/SHOLS_U2_01.03.1) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17
Original Advisory:
============
http://www.majorsecurity.info/index_2.php?adv=major_rls65
# Cloud based Capture-the-Flag, 1st time in India.
**** Technical Briefings ****
Dhruv Soi - Exploit the Exploit Kits
Anant Shrivastava - Android Tamer
Anand Pandey - One Line Facebook
Manish Chasta - Android Forensics
Bishan Singh Kochher - DOM XSS Encounter of the 3rd Kind
Nikhil Mittal - Mere pass Teensy hain
Elad Shapira - How Android based phone helped me win American Idol
I wrote:
> Google Android applications on the T-Mobile G1 can spawn a telnetd
> that gives remote root access to your phone:
>
> http://www.android-unleashed.com/2008/11/howto-get-root-on-your-android-g1-and.html
>
> This particular method needs user interaction, but a rogue Android app
> could easily run telnetd automatically. Android apps are not normally
> granted this sort of permission, and granting root is not supposed to
> even be possible.
SEC Consult Vulnerability Lab Security Advisory < 20111219-1 >
=======================================================================
title: Multiple vulnerabilities in WhatsApp
product: WhatsApp (tested on Android client)
fixed version: -
impact: Medium
homepage: http://www.whatsapp.com/
found: 2011-09-09
by: G. Wagner
SEC Consult Vulnerability Lab
-----Original Message-----
From: Dan Dascalescu [mailto:ddascalescu@gmail.com]
Sent: Thursday, January 14, 2010 8:17 PM
To: bugtraq@securityfocus.com
Subject: Major security risk in the unlock pattern for Android devices
If you use locking, just look carefully at your Android phone screen
and you'll most likely already see the streak/smudge fingerprint
trace. An attacker only has to trace that in both directions and is
guaranteed access. By contrast, smudges left behind a PIN of N digits
IV. DETECTION
The following Adobe Products are vulnerable:
- Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.3.185.25 and earlier versions for Android
- Adobe AIR 2.7 and earlier versions for Windows, Macintosh and Android
V. WORKAROUND
Disable Flash Player plugin by restricting access to Flash Player files,
III. AFFECTED PRODUCTS
---------------------------
Adobe Flash Player v10.3.181.34 and prior
Adobe Flash Player v10.3.185.25 and prior for Android
Adobe AIR version 2.7 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
IV. DETECTION
The following Adobe Products are vulnerable:
- Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.3.185.25 and earlier versions for Android
- Adobe AIR 2.7 and earlier versions for Windows, Macintosh and Android
V. WORKAROUND
Disable Flash Player plugin by restricting access to Flash Player files,
* Automating vulnerability discovery
* Weaponization and underworld/government exploit market intelligence
* Non-x86, MIPS, ARM and x64 specific exploitation techniques
* Smarter and Dumber fuzzing for binary only vulnerability hunt
* Static and Dynamic binary or source-based analysis
* Hacking mobile: defeating iOS and Android security
* Kernel land exploits
* New advances in Attack frameworks and automation
* Virtual Machines and Virtual Infrastructures evasion
* Governmentalization of hacking projection force
Introduction:
=============
An all-in-one user-friendly DVD ripper, Video Record, video converter, YouTube Downloader,
video editor and DVD burner, which helps you rip DVD and record/convert video for multimedia
devices, like iPhone 4, iPad, iPod, Google Android, PSP, Nokia, Samsung Galaxy with lossless quality.
Features
Support conversion on all DVD variations, input formats and output formats, such as AVI, MP4, MPEG,
MOV, WMV, 3GP, MKV, FLV, RMVB, WebM, MP3 etc. More...
Record video and capture desktop activities.
Here we are with Issue-21, October 2011 of ClubHack Magazine. This time too we are continuing with the Malware theme.
This issue covers the following articles:
0x00 Tech Gyan - Low Profile Botnets
0x01 Tool Gyan - Demystifying the Android Malware
0x02 Mom's Guide - MALDROID
0x03 Legal Gyan - Law relating to Child Pornography in India
0x04 Matriux Vibhag - WEBSECURIFY
0x05 Poster - Bhag Bhag PC Bose
• WLAN/WiFi
• GPRS
*New Technologies*
• Chrome
• IE8
• Android
• iPhone
*Virtualization*
*Malware/Rootkits*
BotNets
Security Policy/Best Practices