Date: 2015-10-18
Last Update: 2016-04-08
I have more security issues, but they are in bookmarks right now. I'll update them over the next few days. This page also needs organization.
- Google fixes 39 Android flaws, 15 of them critical
- New Android exploit can hack any handset in one shot
- http://www.engadget.com/2015/11/12/new-android-exploit-can-hack-any-handset-in-one-shot/
Hackers have discovered a critical exploit in Chrome for Android reportedly capable of compromising virtually every version of Android running the latest Chrome. (...) While the inner workings of the exploit are still largely under wraps, we do know that it leverages JavaScript v8 to gain full administrative access to the victim's phone.
- Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire
- https://blog.lookout.com/blog/2015/11/04/trojanized-adware/
Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background. These malicious apps root the device unbeknownst to the user. To add insult to injury, victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device.
- Apache Cordova Vulnerability: 10% of Android Banking Apps Vulnerable
- https://securityintelligence.com/apache-cordova-phonegap-vulnerability-android-banking-apps/
The IBM Security X-Force Research team has uncovered a serious vulnerability that affects many Android applications built on the Apache Cordova (previously PhoneGap) platform. According to AppBrain, this affects 5.8 percent of Android apps.
- Google No Longer Provides Patches for WebView Jelly Bean and Prior - January 12, 2015
- https://community.rapid7.com/community/metasploit/blog/2015/01/12/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior
A WebView bug that could allow a hacker to take control of a device and affects 60 percent of Android phones and Android tablets will not be patched by Google.
- Making sense of the latest Android security updates scare - January 12, 2015
- http://www.androidauthority.com/latest-android-security-updates-scare-579858/
All vendors have security issues. This list is provided to allow professionals to analyze the risk and take appropriate action.
A recently found security issue allows rogue code to insert web links into WebView, which can thereby be used as an attack vector. Another recent security issue launches attacks from MP3 files.