Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.

Threatpost
#Cloud Security#InfoSec Insider#Vulnerabilities#vulnerability#Breach#Web Security#Sponsored#Vulnerabilities#Malware#Web Security#microsoft#Malware#Web Security#Malware#Mobile Security#Web Security#android
Over 10 Million Android Users Targeted With Premium SMS Scam Apps

A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo

CVE-2021-0938: Pixel Update Bulletin—October 2021  |  Android Open Source Project

In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel

CVE-2021-0941: Pixel Update Bulletin—October 2021  |  Android Open Source Project

In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel

CVE-2021-0939: Pixel Update Bulletin—October 2021  |  Android Open Source Project

In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A

CVE-2021-0936: Pixel Update Bulletin—October 2021  |  Android Open Source Project

In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel

CVE-2021-0940: Pixel Update Bulletin—October 2021  |  Android Open Source Project

In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171315276References: N/A

CVE-2021-0935: Pixel Update Bulletin—October 2021  |  Android Open Source Project

In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel