Stagefright (bug)
Stagefright is the name given to a group of software bugs that affect versions of the Android operating system from 2.2 "Froyo" up to 5.1.1 "Lollipop", exposing an estimated 950 million devices (95% of all Android devices) at the time. The name is taken from the affected library, which, among other things, is used to unpack MMS messages. Exploitation of the bug allows an attacker to perform arbitrary operations on the victim's device through remote code execution and privilege escalation. Security researchers demonstrate the bugs with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no end-user action upon message reception to succeed. The user doesn't have to do anything to 'accept' exploits using the bug; it happens in the background. A phone number is the only information needed to carry out the attack. The underlying attack vector exploits certain integer overflow vulnerabilities in the Android core componen ...


Zimperium
Zimperium, Inc. is a privately owned mobile security company based in the United States and headquartered in Dallas, Texas. Zimperium provides a mobile security platform purpose-built for enterprise environments. History: Zimperium, Ltd. was founded in 2010 by its Chairman and CTO Itzhak Avraham. In 2011, Elia Yehuda joined as a co-founder. In 2013, the assets of Zimperium, Ltd. were acquired by Zimperium, Inc., and the new company was incorporated in Delaware. In 2014, Zimperium, Inc. released the zIPS Android app (Intrusion Prevention System), smartphone software that uses machine learning to monitor user habits to detect and prevent possible phone hacking. In 2015, Zimperium, Inc. researched and developed security systems against Stagefright, a group of software bugs that affect a series of Android operating systems. In 2016, the company partnered with BlackBerry. The partnership consisted of integrating zIPS by Zimperium to enhance mobile security on iOS an ...


Integer Overflow
In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of digits – either higher than the maximum or lower than the minimum representable value. The most common result of an overflow is that the least significant representable digits of the result are stored; the result is said to "wrap" around the maximum (i.e. modulo a power of the radix, usually two in modern computers, but sometimes ten or another radix). An overflow condition may give results leading to unintended behavior. In particular, if the possibility has not been anticipated, overflow can compromise a program's reliability and security. For some applications, such as timers and clocks, wrapping on overflow can be desirable. The C11 standard states that for unsigned integers, modulo wrapping is the defined behavior and the term overflow never applies: "a computation involving un ...


Forbes
Forbes is an American business magazine owned by Integrated Whale Media Investments and the Forbes family. Published eight times a year, it features articles on finance, industry, investing, and marketing topics. Forbes also reports on related subjects such as technology, communications, science, politics, and law. It is based in Jersey City, New Jersey. Competitors in the national business magazine category include Fortune and Bloomberg Businessweek. Forbes has an international edition in Asia as well as editions produced under license in 27 countries and regions worldwide. The magazine is well known for its lists and rankings, including of the richest Americans (the Forbes 400), of America's Wealthiest Celebrities, of the world's top companies (the Forbes Global 2000), the Forbes list of the World's Most Powerful People, and The World's Billionaires. The motto of Forbes magazine is "Change the World". Its chair and editor-in-chief is Steve Fo ...


Patch (computing)
A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually being called bugfixes or bug fixes. Patches are often written to improve the functionality, usability, or performance of a program. The majority of patches are provided by software vendors for operating system and application updates. Patches may be installed either under programmed control or by a human programmer using an editing tool or a debugger. They may be applied to program files on a storage device, or in computer memory. Patches may be permanent (until patched again) or temporary. Patching makes possible the modification of compiled and machine language object programs when the source code is unavailable. This demands a thorough understanding of the inner workings of the object code by the person creating the patch, which is difficult without close study of the sourc ...


Zero-day Vulnerability
A zero-day (also known as a 0-day) is a computer-software vulnerability previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack. The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Once the vendors learn of the vulnerability, they will usually create patches or advise workarounds to mitigate it. The more recently that the vendor has become aware of the vulnerability, the more likely it is that no fix or mit ...


Heap Overflow
A heap overflow, heap overrun, or heap smashing is a type of buffer overflow that occurs in the heap data area. Heap overflows are exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated at runtime and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer. For example, on older versions of Linux, two buffers allocated next to each other on the heap could result in the first buffer overwriting the second buffer's metadata. By setting the in-use bit to zero of the second buffer and setting the length to a small negative value which allows null bytes to be copied, when the program calls free() on the first buf ...


Repository (revision Control)
In version control systems, a repository is a data structure that stores metadata for a set of files or directory structure. Depending on whether the version control system in use is distributed, like Git or Mercurial, or centralized, like Subversion, CVS, or Perforce, the whole set of information in the repository may be duplicated on every user's system or may be maintained on a single server. Some of the metadata that a repository contains includes, among other things, a historical record of changes in the repository, a set of commit objects, and a set of references to commit objects, called "heads". The main purpose of a repository is to store a set of files, as well as the history of changes made to those files. Exactly how each version control system handles storing those changes, however, differs greatly. For instance, Subversion in the past relied on a database instance but has since moved to storing its changes directly on the filesystem. These differences in storage tech ...




Bugfix
A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually being called bugfixes or bug fixes. Patches are often written to improve the functionality, usability, or performance of a program. The majority of patches are provided by software vendors for operating system and application updates. Patches may be installed either under programmed control or by a human programmer using an editing tool or a debugger. They may be applied to program files on a storage device, or in computer memory. Patches may be permanent (until patched again) or temporary. Patching makes possible the modification of compiled and machine language object programs when the source code is unavailable. This demands a thorough understanding of the inner workings of the object code by the person creating the patch, which is difficult without close study of the source c ...


Google
Google LLC is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. It has been referred to as "the most powerful company in the world" and one of the world's most valuable brands due to its market dominance, data collection, and technological advantages in the area of artificial intelligence. Its parent company Alphabet is considered one of the Big Five American information technology companies, alongside Amazon, Apple, Meta, and Microsoft. Google was founded on September 4, 1998, by Larry Page and Sergey Brin while they were PhD students at Stanford University in California. Together they own about 14% of its publicly listed shares and control 56% of its stockholder voting power through super-voting stock. The company went public via an initial public offering (IPO) in 2004. In 2015, Google was reor ...


Fortune (magazine)
Fortune is an American multinational business magazine headquartered in New York City. It is published by Fortune Media Group Holdings, owned by Thai businessman Chatchaval Jiaravanon. The publication was founded by Henry Luce in 1929. The magazine competes with Forbes and Bloomberg Businessweek in the national business magazine category and distinguishes itself with long, in-depth feature articles. The magazine regularly publishes ranked lists, including the Fortune 500, a ranking of companies by revenue that it has published annually since 1955. The magazine is also known for its annual Fortune Investor's Guide. History: Fortune was founded by Time magazine co-founder Henry Luce in 1929 as "the Ideal Super-Class Magazine", a "distinguished and de luxe" publication "vividly portraying, interpreting and recording the Industrial Civilization". Briton Hadden, Luce's business partner, was not enthu ...


CVE Identifier
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The United States' National Cybersecurity FFRDC, operated by The MITRE Corporation, maintains the system, with funding from the US National Cyber Security Division of the US Department of Homeland Security. The system was officially launched for the public in September 1999. The Security Content Automation Protocol uses CVE, and CVE IDs are listed on Mitre's system as well as in the US National Vulnerability Database.
cve.mitre.org: CVE. International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.


Android Open Source Project
Android is a mobile operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance and commercially sponsored by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008. Most versions of Android are proprietary. The core components are taken from the Android Open Source Project (AOSP), which is free and open-source software (FOSS) primarily licensed under the Apache License. When Android is installed on devices, the ability to modify the otherwise free and open-source software is usually restricted, either by not providing the corresponding source code or by preventing reinstallation through technical measures, thus rendering the installed version proprietary. Most Android devices ship with additi ...