Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • Email Subscription

  • About Us


    Archive for the ‘Mobile’ Category




    Issues surrounding the Android mediaserver component continue. It has been brought to our attention that a vulnerability (CVE-2015-3823) could (theoretically) be used for arbitrary code execution as well. On August 23, Google raised the severity of this vulnerability to "critical", indicating that code execution was possible. We have previously discussed how this bug in the mediaserver component of Android could lock devices in an endless reboot loop. To recap, the vulnerability is an integer overflow in parsing .MKV files, which causes the device to fall into ...

    Posted in Mobile, Vulnerabilities |



    The “hits” keep on coming for Android’s mediaserver component. We have discovered yet another Android mediaserver vulnerability, which can be exploited to perform attacks involving arbitrary code execution. With this new vulnerability, an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its normal routines. This vulnerability has been designated as CVE-2015-3842. While it affects Android versions 2.3 to 5.1.1, Google has fixed and published details this vulnerability via ...




    Two newly discovered Android vulnerabilities can potentially be used to mess up specific messaging functions in phones and tablets. The first, designated as CVE-2015-3839, may allow attackers to insert malicious messages in the system messaging app and cause it to crash, thus blocking users from sending or receiving messages. Meanwhile, the second flaw, designated as CVE-2015-3840, allows attackers to tamper with the sent/received statuses of SMS and MMS messages, may lead to multiple send charges for users. Unlike the recently disclosed ...

    Posted in Mobile, Vulnerabilities |



    We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android’s mediaserver program. This causes a device’s system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot and rendered unusable. The vulnerability, CVE-2015-3823, affects Android versions 4.0.1 Jelly Bean to 5.1.1 Lollipop. Around 89% of the Android users (roughly 9 in 10 Android devices ...




    Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app in a targets phone without their knowledge just by sending an MMS. Versions of Android from 4.0.1 to 5.1.1 are affected; this represents 94.1% of all ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice