lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOiYMADJV602CTkGCS_Xm+CQSqFoyxkV-SQLPsO1SuFgtLPf_A@mail.gmail.com> Date: Thu, 23 Jan 2014 19:27:28 -0800 From: Raymond Zhang <bugfree@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Fwd: Trustlook discovered Microsoft’s first high risk Android Vulnerability http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/ Imagine in a leisurely afternoon, you are sitting in a coffee shop. You want to search for the latest movie information for tonight’s dating. So you connected to the public wifi called “Starbucks”, and opened the Bing app. Sounds natural? What you can’t imagine is, at the moment you opened the Bing app (com.microsoft.bing) under an untrusted wifi, your phone or tablet could be hacked completely. The hacker could download and install any malware app to your phone, turn your phone into a tapping device or make unauthorized phone calls. As the Bing Android app (4.2.0 and lower) has been discovered a remote code execution vulnerability, attackers can execute arbitrary Java code when the app is opened under a compromised network. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists