Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack.
Backdoor Found in Firmware of Some Android Devices
Qualcomm and HackerOne Partner on Bounty Program
Qualcomm and HackerOne are partnering for a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC.
iPhone Call History Synced to iCloud Without User Consent, Knowledge
Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third-party.
iOS 10 Passcode Bypass Can Access Photos, Contacts
A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.
OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking
Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.
Signal Audit Reveals Protocol Cryptographically Sound
Academics audited the popular end-to-end encryption app Signal and their findings are encouraging.
iOS WebView Problem Allows Attackers to Initiate Phone Calls
An issue in iOS WebView that is trivial to exploit can give an attacker the ability to trigger phone calls from a targeted device, researcher Collin Mulliner said.
Locky Targets OPM Breach Victims
A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015.
Google Releases Supplemental Patch for Dirty Cow Vulnerability
Google’s November Android Security Bulletin patched 15 critical vulnerabilities, but only a supplemental patch for the Dirty Cow Linux vulnerability.