Android security checklist: theft of arbitrary files blog.oversecured.com/Android-securi… #android #security #mobilesecurity

Finally! Found 2 high severity vulns in AOSP.😃

Ok, it looks like Android 14's new restrictions on installing older apps have at least partially gone into effect in DP1. I'm now unable to install apps targeting SDK < 23 using session-based installation. I can still install it via ADB (w/o flags) and Package Installer.

We found a fancy new way to conceal XSS payloads! Check it out in our cheat sheet: portswigger.net/web-security/c…

High severity + 1 For today😃

They are so quick!😃 I just submit it last week and then it was rated as high severity and high quality just now. Hope this can get more bounty after the VRP rule changed. #GoogleVRP

Android: mismatching parcel/unparcel logic for WorkSource (CVE-2023-20963) #MobileSecurity #AndroidSecurity by Project Zero Bugs googleprojectzero.github.io/0days-in-the-w…

Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E) Links in <a> tags will show the fake domain, but open the real domain. No need to buy .zip! :) Convincing #phishing #redteam

A lot BAL tricks get banned.

WhatsApp Pink again WhatsApp Pink malware was first time discovered in 2021, and it is a wormable Android malware that spreads by creating auto-replies to messages in WhatsApp, Signal, Viber, Telegram, etc. #WhatsAppPink #India

Zhenghang(Kiprey) and I will be presenting our research at BlackHat USA 2023 :) Additionally, I would like to express my gratitude to Wenxiang Qian(Wenxiang Qian) and Yiqi Wang(fr3y) for their assistance during the CFP submission process.

Google indeed improved their bug bounty, high severity and high quality issue report gets more $ than before, good! #BugBounty

Our topic "SystemUI As EvilPiP: The Hijacking Attacks on Modern Mobile Devices" has been accepted by blackhat asia. #BHASIA Black Hat

Great day at blackhat asia 2024 #BHASIA