remote code execution Archives - ThreatsHub Cybersecurity News

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

May 1, 2024 TH Author Android, Credential Theft, remote code execution

Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.
The post “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server

December 15, 2023 TH Author remote code execution

Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server customers are strongly urged to update to version 2023.1/2513900.
The post Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server appeared first on Microsoft Security Blog. READ MORE HERE…

Threatpost

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

May 22, 2018 TH Author Dell EMC, Disaster Recovery, DSA-2018-095, Featured, Hacks, Linux, paul taylor, recoverpoint, remote code execution, virtual machines, Vulnerabilities

A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise. READ MORE HERE…

Threatpost

Severe Keyboard Flaws in LG Smartphones Allow Remote Code Execution

May 9, 2018 TH Author 0 Comments Android, handsets, keyboard flaw, LG, Mobile Security, patch, remote code execution, smartphone, Vulnerabilities

An attacker can gain man-in-the-middle access to inject a rogue executable file onto the phone. Read More HERE…