Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Xperia l1 firmware'
2019-04-25
CVE-2018-14983
CWE-20
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.
>>>
Vendor:
SONY
70
Produkty
Vaio manual cybersupport
Playstation portable
First4internet xcp content management
Sonicstage mastering studio
Vaio media server
Playstation 3
Sony network camera snc-p5
Micro vault fingerprint access software
Sonicstage connect player
Axruploadserver activex control
Imagestation
Mylo com 2
Bravia tv
Smartwi connection utillity
Vaio easy connect
Vaio pc wireless lan wizard
Vaio wireless wizard
Sound forge
Dvd architect pro
Dvd architect studio
Moviez hd
Snc ch140
Snc ch180
Snc ch240
Snc ch280
Snc dh140
Snc dh140t
Snc dh180
Snc dh240
Snc dh240t
Snc dh280
Snc series firmware
Pcs-xg77 firmware
Pcs-xc1 firmware
Pcs-xg100 firmware
Wg-c10 firmware
Nfc port firmware
Pc/sc activator for type b
Nfc net installer
Sfcard viewer 2
Nfc port software remover
Media go
Music center
Content manager assistant
Playmemories home
Snc-eb600 firmware
Snc-eb600b firmware
Snc-eb602r firmware
Snc-eb630 firmware
Snc-eb630b firmware
Snc-eb632r firmware
Snc-em600 firmware
Snc-em601 firmware
Snc-em602r firmware
Snc-em602rc firmware
Snc-em630 firmware
Snc-em631 firmware
Snc-em632r firmware
Snc-em632rc firmware
Digital paper app
Music center for pc
Neural network libraries
Xperia l1 firmware
Xperia z4 firmware
Vaio update
Bravia firmware
Catalyst browse
Catalyst production suite
Audio usb driver
Hap music transfer
Copyright
2024
, cxsecurity.com
Back to Top