Android Exploit Code | Breaking Cybersecurity News | The Hacker News

Well, there's some good news for Hackers and Bug hunters, though a terrible news for Apple! Exploit vendor Zerodium has tripled its bug bounty for an Apple's iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million. Yes, $1,500,000.00 Reward. That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program. Zerodium, a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world, previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased to $1 Million for a competition help by the company last year. The company paid out $1 million contest reward for the first three iOS 9 zero-days in November to an unnamed hacker group, then lowered the price again to $500,000. With the recent release of iOS 10, Zerodium has agreed to pay $1.5 Million to anyone who can pull off a remote jail

Zimperium Mobile Security Labs (zLabs) have been working hard to make Android operating system more safe and secure to use. Zimperium team has publicly released the CVE-2015-1538 Stagefright Exploit , demonstrating the process of Remote Code Execution (RCE) by an attacker. The released exploit is a python code creating an MP4 exploiting the 'stsc' vulnerability dubbed Stagefright. The purpose behind the release is to put penetration testers and security researchers to test and check the vulnerability of the code and analyze the results. Considered as the most critical flaw among all the existing vulnerabilities; the Stagefright flaw is capable of revealing user's information remotely by injecting malicious code, even without any involvements of the user. Two months ago, Zimperium Labs uncovered multiple vulnerabilities in 'libstagefright,' a service attached with the software-based codecs natively in Android smartphones for media playback. The vulnera

Social media accounts help shape a brand's identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as it can quickly spiral to include reputational damage and financial losses.  With the impact this high, the need for deep understanding of social media risks as well as how to protect an organization's social media account are more crucial than ever. This article dives into the details of social media accounts, how social media can be misused and how to protect oneself. Understanding the Layers of Social Media Access Platforms like Facebook, Instagram, and LinkedIn typically have two layers of access.  The Public Facing Page : where brands post content and engage with users.  The Advertis

A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same Origin Policy (SOP). The Android Same Origin Policy (SOP) vulnerability ( CVE-2014-6041 ) was first disclosed right at the beginning of September 2014 by an independent security researcher Rafay Baloch. He found that the AOSP (Android Open Source Platform) browser installed on Android 4.2.1 is vulnerable to Same Origin Policy (SOP) bypass bug that allows one website to steal data from another. Security researchers at Trend micro in collaboration with Facebook have discovered many cases of Facebook users being targeted by cyber attacks that actively attempt to exploit this particular flaw in the web browser because the Metasploit exploit code is publicly available, which made the exploitation of the vulnerability much easier. The Same Origin Policy is one of the guidin

A security weakness in Android mobile operating system versions below 5.0 that puts potentially every Android device at risk for privilege escalation attacks, has been patched in  Android 5.0 Lollipop  – the latest version of the mobile operating system. The security vulnerability ( CVE-2014-7911 ), discovered by a security researcher named Jann Horn , could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks. The flaw resides in java.io.ObjectInputStream , which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to Google security team earlier this year. According to the security researcher, android apps can communicate with system_service, which runs under admin privileges