Security News

A vulnerability identified in Firefox for Android could have been exploited to remotely open arbitrary websites on a targeted user's phone without the need to click on links, install malicious applications, or conduct man-in-the-middle attacks. The flaw was discovered by researcher Chris Moberly in version 68 of Firefox for Android.

Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. Discovered originally by Australian security researcher Chris Moberly, the vulnerability resides in the SSDP engine of the browser that can be exploited by an attacker to target Android smartphones connected to the same Wi-Fi network as the attacker, with Firefox app installed.

Roid security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being distributed through the Play Store, over-claim of permissions by apps, and privacy leakages. This feature is not new in Android but was earlier only available to use while downloading a new app from the Google Play Store.

Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. Disclosure of the flaws come just as the owner of social-media platform have reportedly chosen Oracle as an American tech partner that could help keep the app running in the U.S.,on the heels of U.S. president Donald Trump threatening to ban the app over spying concerns.

Consider this: Android 11 gives you much more control over app permissions. Why wait for that eventuality when you can manage those app permissions right away-especially when you might have given those apps unrestricted access to your device?

Roid 11 is the seventh operating system release to include enterprise features since the introduction of the work profile in 2014 to separate work data on employees' personal devices. The new platform iteration, Google says, brings the work profile privacy protections to enterprise-issued devices.

Google patched a critical vulnerability in the Media Framework of its Android operating system, which if exploited could lead to remote code execution attacks on vulnerable devices. "The most severe of these issues is a critical security vulnerability in the Media Framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," according to the Android security update.

App permissions has been a sticky bit for security within the Android OS. Even though Android has seen vast improvements over this issue in the past few releases, there's always room for improvement, which is exactly what the developers have done. Roid 11 introduces a new feature that will block an app from requesting permissions if a user denies permissions twice.

Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches. More than 50 flaws are described in the Android Security Bulletin for September 2020: twenty-two as part of the 2020-09-01 security patch level and twenty-nine with the 2020-09-05 security patch level.

Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities. To confirm that the cryptographic vulnerabilities flagged by Crylogger can actually be exploited, the researchers manually reverse-engineered 28 of the tested apps and found that 14 of them are vulnerable to attacks.