Written By Roee Hay

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes

X-Force researchers disclosed several Android vulnerabilities that could enable cybercriminals to use custom boot modes to take over Nexus 6 and 6P modems.

Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB

The IBM X-Force Application Security Research Team discovered a previously undocumented vulnerability in older versions of Nexus 5X's Android images.

Remote Code Execution in Xiaomi MIUI Analytics

The IBM X-Force AppSec Research Team has discovered a remote code execution (RCE) vulnerability in MIUI, the flavor of Android developed by Xiaomi.

DroppedIn: Remotely Exploitable Vulnerability in the Dropbox SDK for Android

IBM X-Force has discovered a vulnerability in Dropbox SDK for Android that lets attackers connect mobile apps to Dropbox accounts that they control.

IBM Application Security on Cloud Saves the Day

With AppScan Mobile Analyzer, IBM found vulnerabilities in the Apache Cordova framework for mobile apps that enabled a remote drive-by exploitation attack.

Apache Cordova Vulnerability Discovered: 10% of Android Banking Apps Potentially Vulnerable

The IBM Security X-Force Research team has uncovered a serious vulnerability that affects many Android applications built on the Apache Cordova platform.

Android KeyStore Stack Buffer Overflow: To Keep Things Simple, Buffers Are Always Larger Than Needed

Nine months ago, IBM discovered a classic stack-based buffer overflow in the Android KeyStore service; the vulnerability was recently disclosed publicly.

New Vulnerabilities in Firefox for Android: Overtaking Firefox Profiles

We have recently discovered a series of vulnerabilities in Firefox for Android that allow a malicious application to leak sensitive information pertaining to the user profile. We developed attacks that first try to determine the random Firefox...

A New Vulnerability in the Android Framework: Fragment Injection

We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, Dropbox and Evernote. To be more accurate, any...

Subverting BIND's SRTT Algorithm: Derandomizing NS Selection

A new vulnerability has been found in BIND, the most popular DNS server. Exploiting this vulnerability reduces the amount of effort required for an off-path (blind) DNS cache poisoning attack. This blog post describes the vulnerability in a less...

Co-Written By Roee Hay

One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status

IBM researchers recently revealed details about an Android serialization vulnerability, including recommendations for protecting mobile devices.