Developer Deviato has released DroidPPPwn, a port of the PPPwn PS4 exploit to Android phones. It relies on the C++ port of the PPPwn exploit (and therefore is reasonably fast to run). As one...

In this post, we announce the release of a small library for disassembling Dalvik bytecode. This serves as a foundation for building static analysis tooling for Android applications and system services in Rust. Read on for an example graphview application…

Authored by Dexter Shin Many government agencies provide their services online for the convenience of their citizens. Also, if this service could be

At OffensiveCon 2024, the Android Red Team gave a presentation (slides) on finding and exploiting CVE-2023-20938, a use-after-free vulnerability in the Android Binder device driver. This post will provide technical details about this vulnerability and how…

Clobber the world — Endless side effect issue in Safari

We have discovered a vulnerability in Android that allows an attacker with the WRITE_SECURE_SETTINGS permission, which is held by the ADB shell and certain privileged apps, to execute arbitrary code as any app on a device. By doing so, they can read and write…

Learn how to protect your devices against evolving iOS threats.

Intro Welcome fellow antiquarians, after detouring a little bit on the app layer we are back to the native layer. Both parts are very important for Android userland of course. The apps provide intera…

Summary


On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently…

The report analyzes the security properties of a popular biometric access control terminal made by ZKTeco and describes vulnerabilities found in it.

ESET research has discovered Arid Viper espionage campaigns that deploy multistage Android spyware and target people in Egypt and Palestine.

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufactu...

With physical access to Android device with enabled ADB debugging running Android 12 or 13 before receiving March 2024 security patch, it is possible to access internal data of any user installed app by misusing CVE-2024-0044 vulnerability. Internal data…

We will explore features of using Metasploit payload generator on NetHunter, and show you how to create and deliver custom payloads to Android smartphone

Summary
We (Julien Ahrens @MrTuxracer and myself @Evan_Connelly) identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to an attack in which any installed iOS app from the Apple App Store could perform an account takeover of…

When it comes to mobile devices, Android is the most popular and used operating system with over 3.9 billion active users in over 190 countries.

FileSystem Monitor (fsmon) allows you to monitor file system events at runtime on Linux, OSX, iOS and Android systems. Useful for bug bounty hunters, malware analyst