|
41 | 41 | "internal bug 19334482" |
42 | 42 | ], |
43 | 43 | "description": "Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.", |
44 | | - "impact": "local unprivilidged app to system app escalation", |
| 44 | + "impact": "local unprivileged app to system app escalation", |
45 | 45 | "external_links": [ |
46 | 46 | "https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ" |
47 | 47 | ], |
|
58 | 58 | "Android Fake ID" |
59 | 59 | ], |
60 | 60 | "description": "The bug allows malicious apps to pretend to be signed by trusted providers and be loaded as extensions in several contexts, such as NFC access, browser plugins and others, depending on the device and which extension mechanisms the manufacturer chose to include.", |
61 | | - "impact": "Local malicious app can elevate privilidges to gain some select access such as browser plugins and NFC.", |
| 61 | + "impact": "Local malicious app can elevate privileges to gain some select access such as browser plugins and NFC.", |
62 | 62 | "external_links": [ |
63 | 63 | "https://bluebox.com/android-fake-id-vulnerability/" |
64 | 64 | ], |
|
75 | 75 | "Stagefright 2.0" |
76 | 76 | ], |
77 | 77 | "description": "Remote code execution as media_server. Fixed in Android 5.1.1_r9/LMY48K", |
78 | | - "impact": "Remote attacker can use a malformed video file to gain code execution with somewhat elevated privilidges. ", |
| 78 | + "impact": "Remote attacker can use a malformed video file to gain code execution with somewhat elevated privileges. ", |
79 | 79 | "external_links": [ |
80 | 80 | "https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/", |
81 | 81 | "https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/" |
|
110 | 110 | "Object Serialization attack" |
111 | 111 | ], |
112 | 112 | "description": "luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291", |
113 | | - "impact": "Local unprivilidged app can elevate to system user", |
| 113 | + "impact": "Local unprivileged app can elevate to system user", |
114 | 114 | "external_links": [ |
115 | 115 | "http://seclists.org/fulldisclosure/2014/Nov/51" |
116 | 116 | ], |
|
126 | 126 | "ANDROID-21437603/21583894" |
127 | 127 | ], |
128 | 128 | "description": "Local object serialization attack. The OpenSSLX509Certificate class contains native pointers as class members and they are not marked as transient. A Local app can craft a serialized object and pass through binder and ultimately gain code execution as system", |
129 | | - "impact": "Local unprivilidged app to system_server", |
| 129 | + "impact": "Local unprivileged app to system_server", |
130 | 130 | "external_links": [ |
131 | 131 | "https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status/", |
132 | 132 | "https://www.usenix.org/conference/woot15/workshop-program/presentation/peles" |
|
144 | 144 | "Masterkey" |
145 | 145 | ], |
146 | 146 | "description": "Zip bug allows modifying apk files without breaking the signature. Essentially, you can replace existing files in an app. Fixed around Android 4.4", |
147 | | - "impact": "A local attacker can modify a system apk file and gain elevated privilidges. A remote attacker can try to trick the user (or another app) into installing the malicious apk file.", |
| 147 | + "impact": "A local attacker can modify a system apk file and gain elevated privileges. A remote attacker can try to trick the user (or another app) into installing the malicious apk file.", |
148 | 148 | "external_links": [ |
149 | 149 | "https://bluebox.com/uncovering-android-master-key-that-makes-99-of-devices-vulnerable/", |
150 | 150 | "http://www.saurik.com/id/17" |
|
162 | 162 | "Masterkey #2" |
163 | 163 | ], |
164 | 164 | "description": "Zip bug allows modifying apk files without breaking the signature. Based on reading unsigned 16 bit numbers from th zip header and interpreting them as signed 32 bit numbers.", |
165 | | - "impact": "A local attacker can modify a system apk file and gain elevated privilidges. A remote attacker can try to trick the user (or another app) into installing the malicious apk file.", |
| 165 | + "impact": "A local attacker can modify a system apk file and gain elevated privileges. A remote attacker can try to trick the user (or another app) into installing the malicious apk file.", |
166 | 166 | "external_links": [ |
167 | 167 | "http://www.androidpolice.com/2013/07/11/second-all-access-apk-exploit-is-revealed-just-two-days-after-master-key-goes-public-already-patched-by-google/" |
168 | 168 | ], |
|
179 | 179 | "Masterkey #3" |
180 | 180 | ], |
181 | 181 | "description": "Zip bug allows modifying apk files without breaking the signature. Based on improper parsing of the 'name' length in the zip file.", |
182 | | - "impact": "A local attacker can modify a system apk file and gain elevated privilidges. A remote attacker can try to trick the user (or another app) into installing the malicious apk file.", |
| 182 | + "impact": "A local attacker can modify a system apk file and gain elevated privileges. A remote attacker can try to trick the user (or another app) into installing the malicious apk file.", |
183 | 183 | "external_links": [ |
184 | 184 | "http://www.saurik.com/id/19" |
185 | 185 | ], |
|
248 | 248 | "altnames": [ |
249 | 249 | "" |
250 | 250 | ], |
251 | | - "description": "Remote Code Execution as System User. Android 5.0+, Samsung. This is yet another non-memory corrupting remote execution on samsung phones.", |
252 | | - "impact": "Remote attacker can gain code execution as system used by getting the user to download an email attachment or brows to a crafted web page.", |
| 251 | + "description": "Remote Code Execution as System User. Android 5.0+, Samsung. This is yet another non-memory corrupting remote execution on Samsung devices.", |
| 252 | + "impact": "Remote attacker can gain code execution as system user by getting the user to download an email attachment or browse to a crafted web page.", |
253 | 253 | "external_links": [ |
254 | 254 | "http://blog.quarkslab.com/remote-code-execution-as-system-user-on-android-5-samsung-devices-abusing-wificredservice-hotspot-20.html" |
255 | 255 | ], |
|
0 commit comments