Security News
A vulnerability in Firefox for Android paves the way for attackers to launch websites on a victim's phone, with no user interaction. "Instead of providing the location of an XML file describing a UPnP device, an attacker can run a malicious SSDP server that responds with a specially crafted message pointing to an Android intent URI. Then, that intent will be invoked by the Firefox application itself."
Researchers have uncovered a threat group launching surveillance campaigns that target victims' personal device data, browser credentials and Telegram messaging application files. One notable tool in the group's arsenal is an Android malware that collects all two-factor authentication security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.
A vulnerability identified in Firefox for Android could have been exploited to remotely open arbitrary websites on a targeted user's phone without the need to click on links, install malicious applications, or conduct man-in-the-middle attacks. The flaw was discovered by researcher Chris Moberly in version 68 of Firefox for Android.
Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. Discovered originally by Australian security researcher Chris Moberly, the vulnerability resides in the SSDP engine of the browser and can be exploited by an attacker to target Android smartphones that are connected to the same Wi-Fi network as the attacker and have the Firefox app installed.
Android security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being distributed through the Play Store, over-claim of permissions by apps, and privacy leakages. This feature is not new in Android but was earlier only available to use while downloading a new app from the Google Play Store.
Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. Disclosure of the flaws comes just as the owner of the social-media platform has reportedly chosen Oracle as an American tech partner that could help keep the app running in the U.S., on the heels of U.S. president Donald Trump threatening to ban the app over spying concerns.
Consider this: Android 11 gives you much more control over app permissions. Why wait for that eventuality when you can manage those app permissions right away, especially when you might have given those apps unrestricted access to your device?
Android 11 is the seventh operating system release to include enterprise features since the introduction of the work profile in 2014 to separate work data on employees' personal devices. The new platform iteration, Google says, brings the work profile privacy protections to enterprise-issued devices.
Google patched a critical vulnerability in the Media Framework of its Android operating system, which if exploited could lead to remote code execution attacks on vulnerable devices. "The most severe of these issues is a critical security vulnerability in the Media Framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," according to the Android security update.
App permissions have been a sticky bit for security within the Android OS. Even though Android has seen vast improvements over this issue in the past few releases, there's always room for improvement, which is exactly what the developers have done. Android 11 introduces a new feature that will block an app from requesting permissions if a user denies permissions twice.