Windows 10: Vulnerability within Twitter for Android Security Issue Now Fixed

Brink · Dec 25, 2019

We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.

We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution.

We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe. These instructions vary based on what versions of Android and Twitter for Android people are using. We recommend that people follow these instructions as soon as possible. If you are unsure about what to do, update to the latest version of Twitter for Android. This issue did not impact Twitter for iOS.

We’re sorry this happened and will keep working to keep your information secure on Twitter. You can reach out to our Office of Data Protection through this form to request information regarding your account security.
Click to expand...

Source: Blog

:)

Brink · Dec 25, 2019

New StrandHogg vulnerability for Android

Promon security researchers have found proof of a dangerous Android vulnerability, dubbed ‘StrandHogg’, that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted.

What’s the impact?

All versions of Android affected, incl. Android 10*

All top 500 most popular apps are at risk*

Real-life malware is exploiting the vulnerability

36 malicious apps exploiting the vulnerability was identified*

The vulnerability can be exploited without root access

When exploited by hackers

They can listen to the user through the microphone

Take photos through the camera

Read and send SMS messages

Make and/or record phone conversations

Phish login credentials

Get access to all private photos and files on the device

Get location and GPS information

Get access to the contacts list

Access phone logs

Click to expand...

Read more:

StrandHogg: Serious Android vulnerability leaves most apps vulnerable to attacks.

Android: New StrandHogg vulnerability is being exploited in the wild | ZDNet

Yukikaze · Dec 25, 2019

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

Source: {{windowTitle}}

Brink · Dec 25, 2019

Android Security Bulletin released for December 2019

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.

The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted message to cause a permanent denial of service. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.
Click to expand...

Read more:

Android Security Bulletin—December 2019 | Android Open Source Project

Pixel Update Bulletin—December 2019 | Android Open Source Project

Windows 10: Vulnerability within Twitter for Android Security Issue Now Fixed

Vulnerability within Twitter for Android Security Issue Now Fixed

Vulnerability within Twitter for Android Security Issue Now Fixed

Vulnerability within Twitter for Android Security Issue Now Fixed

Vulnerability within Twitter for Android Security Issue Now Fixed - Similar Threads - Vulnerability within Twitter

WinVerifyTrust vulnerability fix

WinVerifyTrust vulnerability fix

Twitter access issues

Twitter access issues

Twitter for Android security vulnerability discovered and fixed

Update on Twitter security incident

New StrandHogg vulnerability for Android

VLC Security Vulnerability

Your Android phone can now be a security key