Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us


    Archive for the ‘Mobile’ Category




    Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app in a targets phone without their knowledge just by sending an MMS. Versions of Android from 4.0.1 to 5.1.1 are affected; this represents 94.1% of all ...




    We have discovered a vulnerability in Android that can render a phone apparently dead - silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today. No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability since we reported it in ...




    Following news that iOS devices are at risk of spyware related to the Hacking Team, the saga continues into the Android sphere. We found that among the leaked files is the code for Hacking Team’s open-source malware suite RCSAndroid (Remote Control System Android), which was sold by the company as a tool for monitoring targets. (Researchers have been aware of this suite as early as 2014.) The RCSAndroid code can be considered one of the most professionally developed and sophisticated Android ...

    Posted in Mobile |



    We analyzed the recent Hacking Team dump and found a sample of a fake news app that appears to be designed to circumvent filtering in Google Play. This is following news that iOS devices are at risk of spyware related to the Hacking Team. The fake news app was downloaded up to 50 times before it was removed from Google Play on July 7. The “BeNews” app is a backdoor app that uses the name of defunct news site “BeNews” to appear ...




    We have discovered a vulnerability in the integrated Android debugger Debuggerd that can be used to expose the contents of the device's memory in devices running Ice Cream Sandwich to Lollipop. A specially crafted ELF (Executable and Linkable Format) file can crash the debugger and expose the memory content via tombstone files and corresponding logd log files. This information can be used in denial of service attacks, as well as to help bypass ASLR for arbitrary code execution. By itself, the vulnerability cannot be used for code ...

    Posted in Mobile, Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice