Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 2

Privilege escalation in Google Android
CVE-2013-6282

Privilege escalation

The vulnerability allows a local attacker to obtain elevated privileges on the target system.

The weakness exists due to an error in the put_user/get_user kernel API. A local attacker can use a malicious application to read and write kernel memory and gain kernel privileges on the system.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability was exploited against Android devices in October and November 2013. The vulnerability is originally in SE Linux kernel.

Software: Google Android

Known/fameous malware:

Gooligan.

The vulnerability was exploited against Android devices in October and November 2013. The vulnerability is originally in SE Linux kernel.

Security bypass in Google Android
CVE-2013-7372

Security bypass

The vulnerability allows a renote attacker to bypass security restriction on the target system.

The weakness is due to the use of an incorrect offset value by the engineNextBytes function in Apache Harmony, as used in the Java Cryptography Architecture (JCA) in Android . A remote attacker can leverage the resulting PRNG predictability, defeat cryptographic protection mechanisms and launch further attacks on the system.

Successful exploitation of the vulnerablity results in security bypass on the vulnerable system.
i

The vulnerability in Android's component Apache Harmony led to multiple compromises of a bitcoin transactions.

Software: Google Android

The vulnerability in Android's component Apache Harmony led to multiple compromises of a bitcoin transactions.