Security Alerts & News
by Tymoteusz A. Góral

#713 Qualcomm software flaw exposes Android user data
FireEye has disclosed the details of a serious information disclosure vulnerability affecting a Qualcomm software package found in hundreds of Android device models.

Google announced this week that it released an Android update to patch tens of vulnerabilities. The search giant’s security advisory also mentioned an information disclosure vulnerability in the Qualcomm tethering controller (CVE-2016-2060) that allows a malicious application to access user information.

The vulnerability, discovered by researchers at FireEye-owned Mandiant, has been rated “high severity,” but Google noted that it does not affect Nexus devices. The patch for the issue is not in the Android Open Source Project (AOSP) repository — instead, it should be included in the latest driver updates for affected devices.

FireEye said its researchers informed Qualcomm about the vulnerability in January and the vendor developed a fix by early March, when it started reaching out to OEMs to let them know about the issue. Now it’s up to the device manufacturers to push out the patch to customers.

The flaw exists in an open source software package maintained by Qualcomm and is related to the Android network daemon (netd).