Security News

Trend Micro has pulled the Privacy Browser from its Dr Safety Android security suite following the discovery of a reoccurring flaw that could be abused to trick people into thinking malicious pages were legit. Trend responded by pulling the app from its Android security suite.

A security researcher was able to compromise an Android application by invoking each of its exposed Activity components. Activities, one of the three primary components of Android apps, are called using Intents, which are messaging objects that applications use to communicate with their different components.

The image, a seemingly innocuous sunset sky above placid waters, may be viewed without harm. The fault does not appear to have been maliciously created.

Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution on Android mobile devices. The critical bugs exist in the Android System area, and would allow a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

Google has started rolling out the June 2020 security patches for the Android operating system, which address a total of 43 vulnerabilities, including several rated critical. This is one of the two critical remote code execution issues patched in System, both affecting Android releases 8.0 through 10.

Researchers have publicised a critical security flaw in Android which could be used by attackers to "Assume the identity" of legitimate apps in order to carry out on-device phishing attacks. Promon doesn't delve into the inner workings of the flaw in huge detail but malware exploiting it would be able to overlay a malicious version of any app over the real app, capturing all logins as they are entered by an oblivious user.

Google has released a patch for CVE-2020-0096, a critical escalation of privilege vulnerability in Android that allows attackers to hijack apps on the victim's device and steal data. Dubbed StrandHogg 2.0 because its similar to the StrandHogg vulnerability exploited by hackers in late 2019, it affects all but the latest version of Android.

Over the last few years, security researchers have been able to crack various Android phones during Pwn2Own hacking competitions. Now one firm has collected its research and finds a potentially significant global problem: Android security may be dependent on the country of use.

A critical privilege-escalation vulnerability affecting Android devices has been found that allows attackers to hijack any app on an infected phone - potentially exposing private SMS messages and photos, login credentials, GPS movements, phone conversations and more. The bug is dubbed the "StrandHogg 2.0" vulnerability by the Promon researchers who found it, due to its similarity to the original StrandHogg bug discovered last year.

Researchers at Norwegian app security company Promon on Tuesday disclosed the existence of a serious Android vulnerability that allows a piece of malware to hijack nearly any application installed on the victim's device. In December 2019, Promon warned that an Android vulnerability, which it dubbed StrandHogg, was being exploited by tens of malicious Android apps to escalate privileges.