The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
Tag: Android
ASA-2019-00554 – WhatsApp: Double free vulnerability in the DDGifSlurp function
A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.
ASA-2019-00155 – Telegram: Internationalized domain name (IDN) homograph attacks
Telegram (tested on all mobile versions and on Linux and Windows for desktop) is vulnerable to an IDN homograph attack when displaying messages containing URLs. A homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but visually identical (homographic), domain name. This type of vulnerability can be used to weaponize social engineering, increasing the chances of a successful attack.
ASA-2019-00154 – Signal Private Messenger: Internationalized domain name (IDN) homograph attacks
Signal Desktop and Signal for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. A homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but visually identical (homographic), domain name. This type of vulnerability can be used to weaponize social engineering, significantly increasing the chances of a successful attack.
ASA-2019-00083 – Linux: Binder use-after-free of VMA via race between reclaim and munmap
There is a race condition between the direct reclaim path (which enters binder through the binder_shrinker) and the munmap() syscall (which enters binder through the ->close handler of binder_vm_ops).
ASA-2019-00082 – Linux kernel: Binder use-after-free via fdget() optimization
The Linux kernel since commit 7f3dc0088b98 ("binder: fix proc->files use-after-free") contains a use-after-free in the Binder IPC mechanism via the fdget() optimization.