➠ CVE-2023-0460
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store....
Zur Startseite
➤ Ähnliche Beiträge für 'CVE-2023-0460'
The July 2023 Security Update Review
vom 923.33 Punkte
It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rat
The June 2023 Security Update Review
vom 756.35 Punkte
It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rat
The October 2023 Security Update Review
vom 751.95 Punkte
Twenty years ago this month, Microsoft introduced the concept of “Patch Tuesday” – although the marketing folks wanted it called “Update Tuesday” (they didn’t like the word “patch”). Over the years, more companies joined the Patch Tuesd
The April 2023 Security Update Review
vom 711.01 Punkte
It’s the second Tuesday of the month, which means Adobe and Microsoft (and others) have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of the latest offerings from Micros
The January 2023 Security Update Review
vom 693.34 Punkte
Welcome to the first patch Tuesday of the new year. As expected, Adobe and Microsoft have released their latest fixes and updates. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.A
The August 2023 Security Update Review
vom 650.21 Punkte
Greetings from hacker summer camp! Black Hat and DEFCON start this week, but let’s kick everything off with Patch Tuesday and the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as
The November 2023 Security Update Review
vom 617.04 Punkte
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d
USN-3415-1: tcpdump vulnerabilities
vom 593.84 Punkte
Ubuntu Security Notice USN-3415-1
13th September, 2017
tcpdump vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Summary
Several security issues were fixe
USN-3415-2: tcpdump vulnerabilities
vom 593.84 Punkte
Ubuntu Security Notice USN-3415-2
13th September, 2017
tcpdump vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 12.04 LTS
Summary
Several security issues were fixed in tcpdump
Software description
tcpdump
The March 2023 Security Update Review
vom 583.87 Punkte
Happy Pi Day, and welcome to the third patch Tuesday of 2023 and the final patch Tuesday before Pwn2Own Vancouver. Take a break from your regularly scheduled activities and join us as we review the details of the latest security offerings from Microso
The February 2023 Security Update Overview
vom 545.16 Punkte
Welcome to the second patch Tuesday of 2023. On this romantic holiday, Microsoft and Adobe have released their latest security patches as Valentine’s gifts for us all. Take a break from your regularly scheduled activities (or Pwn2Own Miami) and join us as we review the details of their latest security offerings.Adobe Patches for February
Build your own CMS using low-code
vom 527.79 Punkte
In this tutorial, We will build CMS(Content Management System) using the ToolJet which is a lowcode application development platform. The CMS can be used to perform CRUD operations to the MongoDB which is used as the database for the NextJS application.