Google Android could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a use-after-free in the binder driver at /drivers/android/binder.c. By executing a specially-crafted application, an attacker could exploit this vulnerability to gain elevated privileges.
Branch: master Go to file Code Clone with HTTPS Use Git or checkout with SVN using the web URL. Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio If nothing happens, download the GitHub extension for Visual Studio and try again. Go back Latest commit saga0324 committed 3301a1a 2 minutes ago MERGED FROM OLD ACCOUNT Git stats 1 commits 1 branch 0 tags Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time Android.mk MERGED FROM OLD ACCOUNT 2 minutes ago AndroidProducts.mk MERGED FROM OLD ACCOUNT 2 minutes ago BoardConfig.mk MERGED FROM OLD ACCOUNT 2 minutes ago README.md MERGED FROM OLD ACCOUNT 2 minutes ago omni.dependencies MERGED FROM OLD ACCOUNT 2 minutes ago omni_sh8996.mk MERGED FROM OLD ACCOUNT 2 minutes ago recovery.fstab MERGED FROM OLD ACCOUNT 2 minutes ago sh8996.mk MERGED FROM OLD ACCOUNT 2 minutes ago system.prop MERGED FROM OLD ACCOUNT 2 minutes ago vendorsetup.sh MERGED FROM OLD ACCOUNT 2 minutes ago View code README.md Device Details for SHARP SH8996 (SHV34/506SH/AQUOS P1) (AL40/PA32/P1X) Basic Spec CPU 2 x Kryo 2.2Ghz + 2 x Kryo-LP 1.6Ghz Chipset Qualcomm Snapdragon 820 (MSM8996) GPU Adreno 530 ROM 32GB RAM 3GB Android 6.0.1->7.0->8.0.0 Kernel 3.18.20->3.18.31->3.18.71 Battery 3000mAh Display 1920x1080pixels 5.3inches IGZO Rear Camera 22.60MP Front Camera 5MP Carrier Japan-au/SoftBank China-Open Way to write own built recovery image Via Exp In S5290 version,bootloader can be unlocked by modify devinfo partition 's flag.but this device don't have any fastboot and qdloader,so you must use exp(such as dirtycow,CVE-2019-2215 and so on)to write your own built recovery image About No description, website, or topics provided. Resources Readme Releases No releases published Languages Makefile 98.2% Shell 1.8%
Triggering and Analyzing Android Kernel Vulnerability CVE-2019-2215
Android Security Resources.
There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more widely available.
While the identification and exploitation of zero-day vulnerabilities has historically been a calling card for only the most sophisticated cybercriminals, a wider range of threat...
Apps spotted abusing use-after-free() bug seven months before patch
At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.
This is according to eggheads at Trend Micro, who found that the since-removed applications were all abusing a use-after-free() flaw in the operating system to elevate their privileges, and pull down and run further malware from a command-and-control server. The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.
"The three m...
...OnePlus also compromised, and much more
Roundup Time for another roundup of all the security news that's fit to print and that we haven't covered yet.
T-Mobile US prepaid account holders got some unwelcome news this week when their wireless carrier admitted on Friday it was compromised by miscreants who would have been able to ogle customers' personal information.
Exposed details include name, billing address, account number, and mobile plan types. T-Mobile notes that, at least, no bank card info was exposed.
Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code.
The remote code execution (RCE) flaws are part of Google’s October 2019 Android Security Bulletin, which deployed fixes for high and critical-severity vulnerabilities tied to nine CVEs overall. Qualcomm, whose chips are used in Android devices, also patched 18 high and critical-severity...
Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi.
Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO Group Technologies or one of its customers. The NSO Group has been criticized for selling zero-day exploits to “authorized go...
Google's Threat Analysis Group (TAG) says that a new Android zero-day is actively being exploited in the wild in attacks targeting vulnerable Google Pixel, Huawei, Xiaomi, Samsung, Oppo, and Moto smartphones.
This zero-day is a kernel local privilege escalation (LPE) bug using a use-after-free vulnerability in the Android binder driver that can be exploited by potential attackers to get full-control of unpatched devices.
"If the exploit is delivered via the web, it only needs to be ...