Su Mon Kywe

Mobile Threat Blog Posts | Appthority

A recent advancement in crash reporting SDKs enables developers to record in-app screens, so that they know the exact state of an app before it crashes. This opens up doors for new exploits in enterprise mobile environments, as third-parties are increasingly recording mobile screens for debugging purpose and sending them ... Read More

On Aug 6, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

A fitness app, called Polar Flow, was recently found to be exposing the name, profile picture and whereabouts of high-ranking military personnel by oversharing user location data. Unfortunately, this is not the only security incident leaking user location. Back in February, Appthority noted how students had been able to piece ... Read More

On July 2, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

On June 4, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

iOS version 11.4 was released on May 29, 2018, and the following 31 vulnerabilities are fixed in this security update: 10 WebKit vulnerabilities – These vulnerabilities allow maliciously crafted web content to execute arbitrary code on mobile devices. These issues are fixed with improved memory handling, input validation, locking and ... Read More

On May 15, 2018, Pangu Lab announced the ZipperDown vulnerability, which allows a remote code execution attack on iOS apps. Although Pangu Lab did not disclose the details of the ZipperDown vulnerability, we can infer from its researcher’s public comments and Weibo’s incident response, that the vulnerability exists in the ... Read More

On May 7, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More

Mobile risks come in a variety of shapes and sizes. Some are invisible, some hide in plain sight. Among the latter are ad-supported apps. With the Facebook and Cambridge Analytica scandals in the news, the Appthority Mobile Threat Team wanted to put some numbers around how many of apps are ... Read More

On April 4, 2018 Google released an Android Security Bulletin containing details of security vulnerabilities affecting Android devices. Android security updates normally include two parts: general updates that affect most users and the updates affecting specific partners, such as hardware partners like NVIDIA, Broadcom and Qualcomm. Here we’ve summarized the ... Read More