Security News
This week Samsung has started rolling out Android's March security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. This comes after Android had published their March 2021 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.
Android 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. Jack Wallen shows you how.
Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. Tracked as CVE-2021-0397 and affecting Android 8.1, 9, 10, and 11 releases, the security issue could allow an attacker to execute code remotely on a vulnerable device.
A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. German infosec bod Mike Kuketz spotted LastPass's trackers in analysis produced by Exodus, which describes itself as "a non-profit organization led by hacktivists [whose] purpose is to help people get a better understanding of the Android applications tracking issues."
A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. German infosec bod Mike Kuketz spotted LastPass's trackers in analysis produced by Exodus, which describes itself as "a non-profit organization led by hacktivists [whose] purpose is to help people get a better understanding of the Android applications tracking issues."
Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches. The company initially released the Password Checkup Chrome extension in February 2019 to alert users when their saved logins are weak or affected by a breach.
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices.
Trend Micro has published a report claiming that data-sharing Android app SHAREit, which has over a billion downloads, contains multiple vulnerabilities after the app's maker ignored advice to fix the flaws. According to Duan and Chang, the SHAREit app implements a broadcast receiver component called "Com.lenovo.anyshare.app.DefaultReceiver" that can be invoked via Android's Intent inter-app communication mechanism from any other app.
An Android app that's been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk attacks on people's devices, researchers discovered. The flaws exist in an app called SHAREit, which allows Android app users to share files between friends or devices.
A previously known Windows remote access Trojan with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos researchers said in a Tuesday analysis.