CVE-2018-9539: Use-after-free vulnerability in privileged Android service

( Original text by Tamir Zahavi-Brunner ) As part of our platform research in Zimperium zLabs, I have recently discovered a vulnerability in a privileged Android service called MediaCasService and reported it to Google. Google designated it as CVE-2018-9539 and patched it in the November security update (2018-11-01 patch level). In this blog post, I will describe the technical […]


CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services

( Original text by Tamir Zahavi-Brunner ) As part of our platform research in Zimperium zLabs, I have recently disclosed a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018-07-01 patch level), including additional patches in the September security update (2018-09-01 patch level). I also wrote […]


ReverseAPK — Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference; Automatically decompile APK files to Java and Smali format; Analyze AndroidManifest.xml for common vulnerabilities and behavior; Static source code analysis for common vulnerabilities and behavior; Device info; Intents; Command execution; SQLite references; Logging references; Content providers; Broadcast receivers; Service references; File references; Crypto references; Hardcoded secrets; URLs; Network […]
