Google Migrating Android to Memory-Safe Programming Languages
Between 2019 and 2022, the annual number of reported memory safety issues in Android has dropped from 223 to 85, due to an increase in the amount of memory-safe code entering the mobile platform, and the trend is expected to continue. Memory safety bugs, Google notes, are typically the most severe type of vulnerabilities. In…
PCI SSC publishes new standard for mobile payment acceptance solutions
The PCI Security Standards Council (PCI SSC) published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS (MPoC) builds on the existing PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) Standards, which individually address security requirements for solutions that enable…
Google Ready to Roll Out Android Privacy Sandbox in Beta
The initiative was initially announced in February, with the developer preview version of the feature being released in May. The Privacy Sandbox on Android is meant to limit the sharing of user data and prevent cross-app identifiers such as advertising IDs, while supporting developers and businesses that are targeting mobile devices. In May, the internet…
Google Pays $70k for Android Lock Screen Bypass
Tracked as CVE-2022-20465, the security bug was resolved as part of the November 2022 Android patches, and could have allowed an attacker with physical access to a device to unlock it in minutes. The issue, which Schutz accidentally discovered, could allow an attacker to unlock an Android phone by triggering the SIM PIN reset mechanism,…
Comprehensive Traceability for Android Supply-Chain Security
Product supply-chain traceability is a very important aspect in manufacturing as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers consistently announce product recalls to protect their customers from failure of faulty parts, as well as to protect themselves by being compliant…
Apple Fixes Exploited Zero-Day With iOS 16.1 Patch
The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” Apple said…
RealDefense Raises $30 Million to Acquire More Privacy, Cybersecurity Firms
Founded in 2017, the Pasadena, California-based firm provides organizations with privacy, cybersecurity, and optimization solutions for PC, Mac, and mobile devices. The firm offers software and services tailored for consumers and small businesses and has a global presence in 33 countries, claiming to have more than one million customers. Additionally, RealDefense offers an M&A playbook…
Fast Company hacked to send obscene and racist messages
Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments. Fast Company was hacked on Sunday, September 25. The attacker responsible modified article titles to obscene and racist things: “Hacked by Vinny Troia. [redacted] tongue my [redacted]”, one title…
AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data
Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal sensitive information from corporate clouds. Symantec researchers uncovered 1,859 business apps that use hardcoded AWS credentials, specifically access tokens. Of these, three-quarters (77%) contain valid…
TikTok for Android Bug Allows Single-Click Account Hijack
A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a single click. Microsoft discovered the high-severity vulnerability in the handling of one of TikTok for…
