RSS   Podatności dla 'Xperia l1 firmware'   RSS

2019-04-25
 
CVE-2018-14983

CWE-20
 

 
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.

 

 >>> Vendor: SONY 68 Produkty
Vaio manual cybersupport
Playstation portable
First4internet xcp content management
Sonicstage mastering studio
Vaio media server
Playstation 3
Sony network camera snc-p5
Micro vault fingerprint access software
Sonicstage connect player
Axruploadserver activex control
Imagestation
Mylo com 2
Bravia tv
Smartwi connection utillity
Vaio easy connect
Vaio pc wireless lan wizard
Vaio wireless wizard
Dvd architect pro
Dvd architect studio
Moviez hd
Sound forge
Snc ch140
Snc ch180
Snc ch240
Snc ch280
Snc dh140
Snc dh140t
Snc dh180
Snc dh240
Snc dh240t
Snc dh280
Snc series firmware
Pcs-xg77 firmware
Pcs-xc1 firmware
Pcs-xg100 firmware
Wg-c10 firmware
Nfc port firmware
Pc/sc activator for type b
Nfc net installer
Sfcard viewer 2
Nfc port software remover
Media go
Music center
Content manager assistant
Playmemories home
Snc-eb600 firmware
Snc-eb600b firmware
Snc-eb602r firmware
Snc-eb630 firmware
Snc-eb630b firmware
Snc-eb632r firmware
Snc-em600 firmware
Snc-em601 firmware
Snc-em602r firmware
Snc-em602rc firmware
Snc-em630 firmware
Snc-em631 firmware
Snc-em632r firmware
Snc-em632rc firmware
Digital paper app
Music center for pc
Neural network libraries
Xperia l1 firmware
Xperia z4 firmware
Vaio update
Bravia firmware
Catalyst browse
Catalyst production suite


Copyright 2020, cxsecurity.com

 

Back to Top