Microsoft researchers discover serious security vulnerabilities in big-name Android apps
The Microsoft 365 Defender Research Team has shared details of several high-severity vulnerabilities found in a mobile framework used in popular apps associated with a number of big names.
The framework is owned by mce Systems, and is used in apps from numerous mobile providers. The apps -- from the likes of AT&T, Rogers Communications and Bell Canada -- are often pre-installed on Android handsets, but they have also been downloaded millions of times. If exploited, the vulnerabilities allow for local or remote attacks, including command injection and privilege escalation attacks.
Microsoft discovers Nimbuspwn privilege escalation vulnerabilities in Linux
Security researchers at Microsoft have found a series of vulnerabilities affecting Linux. Collectively named Nimbuspwn, the security flaws can be chained together to allow an attacker to gain root access to a system.
Microsoft warns that the vulnerabilities, which are being tracked as CVE-2022-29799 and CVE-2022-29800, could also be exploited to execute ransomware attacks and more.