卷说科技


Гео и язык канала: Китай, Китайский
Категория: не указана


一个简单的人,说些想说的话…
欢迎订阅~

Связанные каналы

Гео и язык канала
Китай, Китайский
Категория
не указана
Статистика
Фильтр публикаций








Репост из: 今天你想跑路了吗??
中国三大电商巨头之一的拼多多app被爆出间谍木马化

微信公众号「DarkNavy」[发文]( https://mp.weixin.qq.com/s/P_EYQxOEupqdU0BJMRqWsw ),称某互联网厂商 App 利用 Android 系统漏洞提升权限,进而获取用户隐私及阻止自身被卸载。

据信该APP指的是中国三大电商巨头之一“拼多多”。

该互联网厂商在自家看似无害的 App 里,使用的第一个黑客技术手段,是利用一个近年来看似默默无闻、但实际攻击效果非常好的 Bundle 风水 - Android Parcel 序列化与反序列化不匹配系列漏洞,实现 0day/Nday 攻击,从而绕过系统校验,获取系统级 StartAnyWhere 能力。

提权控制手机系统之后,该 App 即开启了一系列的违规操作,绕过隐私合规监管,大肆收集用户的隐私信息(包括社交媒体账户资料、位置信息、Wi-Fi 信息、基站信息甚至路由器信息等)

之后,该 App 进一步使用的另一个黑客技术手段,是利用手机厂商 OEM 代码中导出的 root-path FileContentProvider, 进行 System App 和敏感系统应用文件读写;

进而突破沙箱机制、绕开权限系统改写系统关键配置文件为自身保活,修改用户桌面(Launcher)配置隐藏自身或欺骗用户实现防卸载;

随后,还进一步通过覆盖动态代码文件的方式劫持其他应用注入后门执行代码,进行更加隐蔽的长期驻留;

甚至还实现了和间谍软件一样的遥控机制,通过远端“云控开关”控制非法行为的启动与暂停,来躲避检测。


建议大家升级系统,并且卸载不用的软件~


Репост из: Неизвестно
Bug found in Android lets you unlock someone's device just a SIM card
Source

A recently disclosed vulnerability gives any attacker with physical access to your Android device the ability to unlock it.

All devices running Android 10 to Android 13 were affected with this bug whether they are running OneUI, MIUI or even Pixel's stock OS. Custom ROMs are also affected by it.

The attacker only needs a SIM card with the PIN and PUK code to run this exploit. PUK (Personal Unlocking Key) is an 8-digit code unique to your SIM card. It is used to unlock your mobile and reset your SIM PIN.

The vulnerability is tracked with CVE-2022-20465 with patches for this issue being now available for AOSP 10-13.

The security researcher reported this bug to Android’s Vulnerability Rewards Program in the middle of this year, but Google did not move on the issue until September after some in-person prompting. It resulted in a $70,000 reward and is listed in the November security patch under a “System” issue with “High” severity.


😳为什么要升级你的安卓系统…这就是原因…




官方工具终于出来了,自己生成自己的YouTube客户端吧~








不过真正的官方频道是这个……
虽然目前没有发布可以安装的版本……https://t.me/app_revanced




Репост из: ReVanced
Видео недоступно для предпросмотра
Смотреть в Telegram
Who Said YouTube ReVanced Mod is not Safe ?? 🤔🥴 You can check by yourself before installing first downloaded apk her
https://t.me/ReVancedTeam1/49
https://t.me/ReVancedTeam1/36
https://t.me/ReVancedTeam1/50
after downloading
go to check both version of YouTube ReVanced and Micro Vanced just uploaded your apk here👇https://www.virustotal.com/gui/home/upload
after uploading website automatic checking your apks
Note:-All apk is very clean and safe some permission is Disabled by modder like Unwanted Permissions/Activities/Services/Providers Disabled .










Репост из: Android Security & Malware
Protecting Android users from 0-Day attacks

Description of 3 campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. Once clicked, the link redirected the target to an attacker-owned domain that delivered the exploits before redirecting the browser to a legitimate website.

Compromise flow:
website redirect -> deliver browser exploit -> load ALIEN malware -> load PREDATOR payload
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/

Показано 20 последних публикаций.

405

подписчиков
Статистика канала