Abusing Android ClipData

Overview This is going to be a quick and dirty post on some insecurities on using the Android's ClipBoardManager when making security critical decisions. The Clipboard Framework When you use Android's Clipboard Framework, you put data into a clip object, and then put that clip object on the system-wide clipboard.…

ZipInputStream Armageddon

Overview For those who are not aware of the ZipInputStream Armageddon, it is happening right now ... and yes, it is just as bad as the movie. THIS: http://blog.quarkslab.com/remote-code-execution-as-system-user-on-android-5-samsung-devices-abusing-wificredservice-hotspot-20.html IS: https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/ A: http://rotlogix.com/2015/08/22/…