Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    January 2015
    S M T W T F S
    « Dec    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Every Android app comprises of several components, including something called the AndroidManifest.xml file or the manifest file. This manifest file contains essential information for apps, “information the system must have before it can run any of the app's code.” We came across a vulnerability related to the manifest file that may cause an affected device to experience a continuous cycle of rebooting—rendering the device nearly useless to the user. The Manifest File Vulnerability The vulnerability can cause the OS to crash through ...




    A few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, under the collaboration of Trend Micro and Facebook, attacks are found which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook users via a link in a particular Facebook page that leads to a malicious site. This page contains obfuscated JavaScript code (see in Figure 1 below), which includes ...



    Dec23
    12:05 am (UTC-7)   |    by

    Earlier this year, Linux system administrators all over the world had to deal with the Shellshock vulnerability, which could lead to malicious code being run on Linux systems. Servers running various web services were at particular risk. By now, most major distributions have been able to release patches that upgraded the vulnerable bash shell to versions not affected by Shellshock. Enough time has passed that some may think that the threat is "over", but is that the case? We decided to carry out a ...

    Posted in Vulnerabilities |



    Security researchers have announced a new "vulnerability" in Linux dubbed "Grinch", which allows for escalation-of-privilege attacks in versions of Linux that use the polkit toolkit for privilege authorization. However, the true threat of this vulnerability is much more limited. The bug was named after the holiday season and the Dr. Seuss character, as some would say that this would have the potential to ruin the season of network administrators. An independent researcher first posted about this vulnerability - which he called PackageKit Privilege Escalation ...

    Posted in Exploits, Vulnerabilities |



    We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix and no timeframe for a fix from them. When a specially-constructed malformed certificate is introduced into an Android device (either by a new app being installed ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice