Keyring Vulnerability (CVE-2016-0728)
A malicious app can exploit this vulnerability to run arbitrary code as the system user, enabling it to potentially take control of the device.
Zipfury Path Traversal Vulnerability (CVE-2015-8780)
A malicious party can craft a special backup archive, which when restored to a vulnerable device, allows the malicious party to place files in arbitrary locations on the device, including privileged system locations.
WIFIHS20UTILITYSERVICE VULNERABILITY (CVE-2015-7888)
The WifiHs20UtilityService vulnerability allows attackers to write a controlled file to an arbitrary path as the system user on certain devices.
STAGEFRIGHT VULNERABILITY (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3876, CVE-2015-6602, CVE-2015-3864)
A remotely exploitable software defect that affects the Android operating system, it allows an attacker to perform arbitrary operations on the victim device through remote code execution and privilege elevation.
LOCK SCREEN BYPASS VULNERABILITY (CVE-2015-3860)
The Lock Screen Bypass vulnerability allows anybody with physical access to the device to potentially unlock it without knowing the correct password.
SERIALIZATION VULNERABLITY (CVE-2015-3825)
The Serialization vulnerability allows attackers to execute arbitrary code with escalated privileges, enabling them to take over the device. This is due to a flawed OpenSSLX509Certificate implementation in the Android operating system.
ANDROID BROWSER SAME ORIGIN POLICY SECURITY BYPASS VULNERABILITY
Allows an attacker to bypass the same origin policy in the Android Open Source Project (AOSP) browser by convincing a user to visit a malicious website. Once the bug is exploited, the attacker could view any Web page open on the AOSP browser.
APACHE CORDOVA VULNERABILITY
Apache Cordova is a widely used development toolkit used to build apps. Many Android apps, especially banking apps, are open to attack due to a vulnerability in earlier versions of the Apache Cordova platform. This vulnerability can be used to remotely extract user’s information, including login credentials.
FAKE ID VULNERABILITY
Allows malicious apps to break out of a key security sandbox and gain access to parts of the Android OS that are usually out of bounds. These apps “fake” certain Android credentials to gain access and steal users’ personal information (passwords, financial information, etc.).
MASTER KEY EXPLOIT
Malware that hijacks installed apps and turns them into malicious Trojans that can access personal information. Infected devices can be used to steal user data or to create a mobile botnet.
LOCK SCREEN BYPASS EXPLOIT
Variations of this exploit allows attackers to gain access to your device by bypassing the PIN/password/pattern lock screen.