Saturday, February 4, 2023

No Result

View All Result

Home
Exploits
Lenovo Diagnostics Driver Memory Access

macOS Dirty Cow Arbitrary File Write Local Privilege Escalation

F5 Big-IP Create Administrative User

Oracle Database 12.1.0.2 Spatial Component Privilege Escalation

Packet Storm New Exploits For January, 2023

io_uring Same Type Object Reuse Privilege Escalation

vmwgfx Driver File Descriptor Handling Privilege Escalation

eCommerce Marketplace Platform CMS 1.7 SQL Injection

eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting
Trending Tags
Hacking News

Malicious Reward Apps Trick Over 2 Million Android Users

New SH1MMER ChromeOS Exploit Jailbreaks Chromebooks

Serious 2FA Bypass Vulnerability Affected Facebook And Instagram

Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks

LearnPress Plugin Vulnerabilities Risk Numerous WordPress Sites

TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

Multiple Vulnerabilities Found In Samsung Galaxy App Store App

Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer
Hacking Tools
Test3213

Test 2

test

Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

Here are some tips for students to help protect their data privacy

Client-Side Exploitation [FREE COURSE VIDEO]

What Common Security Problems Are Cloud-Based Networks?

Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

OSINT Fundamentals [FREE COURSE CONTENT]
Trending Tags
Hacking Tutorials

Test3213

Test 2

test

Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

Here are some tips for students to help protect their data privacy

Client-Side Exploitation [FREE COURSE VIDEO]

What Common Security Problems Are Cloud-Based Networks?

Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

OSINT Fundamentals [FREE COURSE CONTENT]
Kali Linux
ExchangeFinder : Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version

Villain : Windows And Linux Backdoor Generator And Multi-Session Handler

PXEThief : Extract Passwords From The Operating System Deployment Functionality

The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

Should South East Asian Tech Startups Consider Outsourcing Support?

AzureHound : Azure Data Exporter For BloodHound

Xerror is an automated penetration testing tool with GUI

Mongoaudit is an audit and pentesting tool for MongoDB databases
Trending Tags
Security

Beware: Malicious Apps On Apple & Google Play Push Users into Fake Investments

India’s Largest Truck Brokerage Company Leaking 140GB of Data

EV Charging Stations at Risk of DoS Attacks

Most Important Computer Forensics Tools for 2023

New DDoS-as-a-Service Platform Attacking Medical Institutions

Hackers Use TrickGate Packer to Deploy Emotet, Cobalt Strike & Other Malware

What is an OSINT Tool – Best OSINT Tools 2023

TrickGate: Malicious Software Outwitting Antivirus for 6 Years

Over 1800 Android Mobile App Web Injects for Sale on Hacking Forums
Advertise

No Result

View All Result

SS7 SMS Intercept

SS7 SMS Intercept

SS7 SMS Intercept

Home Hacking News

Android Remote Keyboard Apps Have Critical Flaws

by Ineedhack

December 8, 2022

in Hacking News

80

SHARES

502

VIEWS

Share on Facebook Share on Twitter

Kripkey Spy Phone

Kripkey Spy Phone

Kripkey Spy Phone

Remote code execution flaws were discovered by researchers in numerous Android remote keyboard apps. The vulnerability was discovered in a number of remote keyboard apps for Android. This increased the risk of compromising the safety of more than 2 million Android users.

Android Remote Keyboard Apps Vulnerabilities

A recent by Synopsys Cybersecurity Research Center, (CyRC) revealed that they discovered numerous security flaws in several Android remote keyboard apps. The vulnerable apps also included remote mouse apps.

These apps are Lazy Mouse and Telepad as well as PC Keyboard. They allow an Android device to be used remotely for keyboards or mice. CyRC identified the following vulnerabilities in the apps.

CVE-202-25477 (CVSS 9.8) The vulnerability in Telepad app execute code on the target server.
CVE-202-25479 (CVSS 8.8): This critical flaw affects the keyboard app that allows remote users to perform commands on the target system.
CVE-202-25481 (CVSS 9.8) This code execution flaw in Lazy Mouse allowed remote users to gain access. The default configuration did not have a password requirement.
CVE-20222-45482 (CVSS 9.8) The weak password and rate limit in Lazy Mouse allowed remote attackers to bypass the security measures and use arbitrary commands.

Researchers also observed that all three apps allowed data to be sent in transit between the device and server. Telepad ( HTML022-45478, CVSS 5.1.1), PC Keyboard( CVE-2022-45448, CVSS 5.1.1) and Lazy Mouse( CVE-2022-45483, CVSS 5.1), all transmitted sensitive data in cleartext.

There is no patch available for all three apps

These vulnerabilities were found in Telepad version 1.0.7 and earlier, PC Keyboard version 30 and prior, Lazy Mouse Version 2.0.1 and before. Researchers explained to us that they failed to hear from the developers despite numerous attempts.

The apps don’t appear to be in maintenance which could make it difficult for users to access the app. To avoid any potential dangers, the developers urge users to remove these apps from all their devices.

We would love to hear your comments.

Tags: hack news hacking news hacking software hacking tips hacking tutorials

Ineedhack

Next Post

Multiple Vulnerabilities In MegaRAC BMC Risked Server Security

No Result

View All Result