A fairly classic mobile issue, the McAfee Security: Antivirus VPN is a highly privileged app and it exports a fairly generic `MainActivity`.The `MainActivity` is rather dynamic in terms of what type content it'll load, basically acting as a wrapper to load whatever the real intent was...
Starts off with an exposed activity in the KAYAK app, ends up with session hijacking.
Two vulnerabilities, the first an insecure activity is exposed that allows other applications to automatically install any application on the Galaxy Store, the secondis a filter bypass which can lead to navigating the CloudGame webview to an untrusted domain.
**tl;dr** Android Parcels have their own memory pool rather than being free'd all the way back to the general Java memory pool. This custom memory management, combined with a bug resulting in a dangling reference in a Parcel to an older version of the parcel creates a "use-after-free" like situation
A post by project zero on a vuln in a new library used for DER entitlements.Entitlements are Apple's fine-grained permission system and essentially define what capabilities an app or service has...
Bit of a race condition leading to a lock screen bypass on Pixel devices.
Oversecured pointed their code-scanning tool at discovering issues in vendor patches to the Android System APIs and found a number of places where Samsung introduces vulnerabilities.
Funny bug in Task.org, which is an open source reminder and todo list tracking app.The vulnerability is lack of path validation in the ShareLinkActivity's `share` intent...
There seems to be a lot of gaps in this writeup, but to the best of my understanding the bug a straight forward XSS but only in the MCS Webview giving access to the `window.GalaxyStore` object to download or open any application from the store.
Simple bypass of the (optional) password lock screen by force-killing the application a few times.The exact cause of this is unclear, I have seen something previously where it was a "feature" because the developers thought it was crashing on that point so disabled it to let the user continue to use the application...