Showing Posts From
December 2013
- 20 Dec 2013
Google AdMob Ad Library - Arbitrary Intent Activity Invocation
A vulnerability was discovered in the Google AdMob SDK for Android that allows attackers to manipulate Intent Activities by injecting JavaScript into a WebView. The vulnerability enables arbitrary activity invocation by controlling multiple parameters passed to the 'startActivity' method. Potential remote exploitation can occur by targeting exposed activities in other Android applications.
-
John Fitzpatrick Luke Jennings - 20 Dec 2013
Hack the Gibson - Deepsec Edition
A presentation at Deepsec 2013 explored security vulnerabilities in supercomputer technologies. John Fitzpatrick and Luke Jennings from MWR discussed potential attacks against common supercomputer systems. The presentation slides are available for download, providing insights into supercomputer security challenges.
- 20 Dec 2013
HackFu 2013: The Movie
A teaser video for HackFu 2013 was released, presenting a puzzle for viewers to solve without hacking or brute force methods. The video hints at the upcoming HackFu 2014 event scheduled for June 26-28, 2014. Participants are challenged to solve the puzzle while allowing others the opportunity to do so independently.
- 20 Dec 2013
PontiFlex Ad Library - Remote JavaScript Command Execution
A critical vulnerability was discovered in the PontiFlex ad library for Android that enables remote JavaScript command execution. The flaw allows attackers to download and execute arbitrary code, perform directory traversal, and potentially steal files from mobile applications through manipulated WebView JavaScript interfaces. The vulnerability impacts Android apps using the PontiFlex ad library, potentially exposing millions of users to remote code execution risks.