August 16, 2024 at 03:15AM Dormant software in certain Google Pixel devices presents a vulnerability, allowing potential nefarious attacks and malware delivery. The issue stems from a pre-installed Android app with extensive system privileges, leaving devices susceptible to remote code execution. Despite being non-malicious, the app’s potential exploitation prompted Google to remove it from supported … Read more
July 22, 2024 at 10:47AM Summary: The “EvilVideo” zero-day vulnerability in Telegram for Android allowed threat actors to send malicious APK payloads disguised as video files. ESET researchers discovered the flaw and notified Telegram, which released a patch in version 10.14.5. The exploit required multiple steps for execution, reducing the risk of successful attacks. Users … Read more
May 3, 2024 at 05:07PM Mullvad VPN user discovered that Android devices leak DNS queries despite enabling “Always-on VPN” and “Block connections without VPN” option. This bug, affecting Android 14, leaks DNS traffic when using specific apps or when VPN configurations change. Mullvad suggests workarounds and urges OS fixes to protect all Android users’ privacy. … Read more
February 21, 2024 at 12:27PM Cybersecurity researchers have discovered authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, could deceive users into malicious networks or allow attackers to join trusted networks without a password. Fixes are available for some systems but pending for … Read more