Playing a specially-crafted video on devices with the Android's native video player application could allow attackers to compromise them due to a dangerous critical remote code execution flaw. The vulnerability, tracked as CVE-2019-2107, affected Android OS between version 7.0 and 9.0 (Nougat, Oreo, or Pie) potentially impacting over 1 billion devices.
Google announced the integration of more security features into Android Q designed to further harden the security of critical areas like the kernel, as well as making storage encryption standard and updated biometrics API.
Thousands of users of an app called WiFi Finder, the stated purpose of which is, obviously, to locate and provide credentials for public wifi hotspots, inadvertently submitted their own home wifi passwords to the app's database, which has now leaked online.
An Android vulnerability has been uncovered that allows attackers to modify apps in an undetected way, without affecting their signatures.
Both iOS and Android devices are targeted by hackers, but data suggests there is more Android malware in circulation than for iOS; a recent report by F-Secure goes so far as to say 99 percent of all malware that targets mobile devices is designed for Android.
When the researchers set DIALDroid loose on the 100,206 most downloaded Android apps, they turned up nearly 23,500 app pairs that leak data. More than 16,700 of those pairs also involved privilege escalation, which means the second app received a type of sensitive information that it's typically forbidden from accessing.
Android users, the Mediaserver is still in the spotlight with Critical and High vulnerabilities this month. But the Media server is not the only issue at hand-in fact, this month there are eight critical flaws. Let's look at the critical flaws that are detailed in the February 2017 Android Security Bulletin.