Summary: One of the top phone companies has an information disclosure vulnerability in its built-in SMS app.
Continue reading “Information disclosure through javascript bridge in Android”
Private giant chat app – Send message to victim while sender blocked
Summary: Even if the receiver had blocked the sender, the sender was still able to send a message.
A giant company's mobile chat app has a feature for sending free SMS. When a sender sends a free SMS, a mobile number is assigned to that sender for text messaging, and it syncs to the app's chat thread.
So if we send an SMS to that number, the SMS goes to the chat user, and this sync does not enforce the blocking functionality.
DoS on Facebook Android using 65530 chars of ZERO WIDTH NO-BREAK SPACE.
Summary: It was possible to delete a Facebook user's draft and settings using a DoS with zero width no-break space.
Continue reading “DoS on Facebook Android using 65530 chars of ZERO WIDTH NO-BREAK SPACE.”
Twitter Android Javascript Interface Vulnerability
Summary: com.twitter.android.lite.TwitterLiteActivity was exported, data passed to it via the intent was not validated, and its WebView had a JSInterface that was available to any URL loaded through this activity. Insecure schemes such as file and javascript were also accepted through the intent.
Continue reading “Twitter Android Javascript Interface Vulnerability”
Whatsapp IP address disclosure with Link Preview feature
Summary: Simple PHP code could disclose the WhatsApp IP address and app version and save the disclosed information to the attacker's server.
Continue reading “Whatsapp IP address disclosure with Link Preview feature”
From NA to $3000 : Facebook’s URL spoofing vulnerability
Summary: This could have let a malicious user spoof the URL bar of multiple Facebook Android apps by navigating to a different domain on the original tab after a new tab had been opened using the setInterval method.
Continue reading “From NA to $3000 : Facebook’s URL spoofing vulnerability”