[FD] Aleph Research: Google Nexus 9 SensorHub Firmware Downgrade Vulnerability (CVE-2017-0582)

2017-05-09 Thread Roee Hay
ince the April 5 2017 Security Patch Level, where the April Nexus 9 image (N4F26X) has the April 1 2017 Security Patch Level, hence it does not contain the patched bootloader. Credit: Roee Hay (@roeehay) of Aleph Research, HCL technologies. References: [1] Aleph Research Vulnerab

[FD] Aleph Research: Google Nexus 9 Cypress SAR Firmware Injection via I2C (CVE-2017-0563)

2017-05-04 Thread Roee Hay
Title: Google Nexus 9 Cypress SAR Firmware Injection via I2C Identifier: CVE-2017-0563 Product: Google Nexus 9 Vulnerable Version: Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader 3.50.0.0143. Mitigation: Install N4F27B or

[FD] Aleph Research: Attacking Nexus 9 with Malicious Headphones (CVE-2017-0510)

2017-03-14 Thread Roee Hay
full details: https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/ Credit: 1. Roee Hay (@roeehay), Aleph Research, HCL Technologies. 2. Sagi Kedmi (@sagikedmi)

[FD] Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)

2015-03-12 Thread Roee Hay
Hi, We have recently discovered a vulnerability in the Dropbox SDK for Android. This vulnerability may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques. The vulnerability is iden

[FD] Android KeyStore Stack Buffer Overflow (CVE-2014-3100)

2014-06-23 Thread Roee Hay
Hi, We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3 and below. The issue was patched in Android 4.4. The vulnerability is identified as CVE-2014-3100. More details are available at: 1. Blog post: http://ibm.co/1pbk4yH 2. Advisory: http: