Vulnerabilities tagged 'mobile'

Vulnerability in ipc_kmsg_get_from_kernel in iOS 15.4

A fairly trivial OOB write in the XNU kernel that was introduced in an iOS 15.0 beta and patched in iOS 15.4. It seems ipc_kmsg_get_from_user() in conjunction with pre-allocated kmsgs (via mktimer) can receive sizes that are larger than the pre-allocated buffer…


One-Click Account Hijacking in TikTok (Android)

Post by Microsoft’s 365 Defender research team on an access control issue in TikTok’s Android app. The problem focuses on WebViews and how they interact with deeplinks, which are special hyperlinks supported by Android that applications can set up hooks for…


[Nextcloud] Bypass the protection lock in Android app

Simple bypass of the (optional) password lock screen by force-killing the application a few times. The exact cause of this is unclear; I have seen something previously where it was a “feature” because the developers thought it was crashing on that point so disabled it to let the user continue to use the application…


Local File Read via Stored XSS in The Opera Browser

The vulnerability here is simply that Opera’s Pinboard feature allows pinning URLs starting with javascript:, creating a clickable link on a Pinboard that will execute JavaScript. Unfortunately (for the attacker) these tabs open in a new window and not within the Pinboard context, unless the link is middle-clicked, in which case it triggers within the Pinboard context.


Insecurely Configured File Provider Exposes Brave's Cookie Database

Brave, when configuring its File Provider, exposes all files from its public and private directory. This means an app could trigger a download of Brave’s cookie database by making a request to the content:// URL for it and have it downloaded into the Downloads folder where any app could read it.