Tag Archive : flaws

/ flaws

Google already has efforts to improve Android security, such as speeding updates and offering bug bounties, but it’s now ramping things up by disclosing flaws for software it didn’t write. The company has launched an Android Partner Vulnerability Initiative (via XDA-Developers) to manage security flaws it discovers that are specific to third-party Android devices. Google hopes to both “drive remediation” (read: prompt faster patch releases) and warn users about potential problems.



a hand holding a cellphone: Huawei P30 and P30 Pro running Android


Huawei P30 and P30 Pro running Android

The company added that its initiative had already addressed a number of Android issues. It didn’t mention companies by name in a blog post, but a bug tracker for the program mentioned several manufacturers. Huawei had issues with insecure device backups in 2019, for example. Oppo and Vivo phones had sideloading vulnerabilities. ZTE had weaknesses in its message service and browser autofill. Other affected vendors included Meizu, chip maker MediaTek, Digitime,

Read More

Topline

Huawei has failed to adequately resolve security flaws in the equipment used by the U.K. telecom networks, the British government’s cyber-spy agency said in an official report released a few months after the Chinese telecom equipment-maker was barred from the country’s 5G mobile networks over security concerns.

Key Facts

The report, prepared by a U.K. government board led by a member of the cyber-intelligence agency Government Communications Headquarters (GCHQ) found that there had been no evidence that the Chinese firm has made a significant shift on the matter, the BBC reported.

The report added that while some improvements were made by Huawei, the board could only provide “limited assurance that all risks to UK national security” could be mitigated in the long-term.

The U.K. government had initiated a review of Huawei’s

Read More

Cisco has alerted customers using its IOS and ISO XE networking gear software to apply updates for 34 flaws across 25 high-severity security advisories. 

The large number of flaws affecting ISO and ISO XE are due to the advisories being announced as part of Cisco’s semi-annual release for the widely used software for Cisco routers and network switches, which happens in April and September. 

Cisco’s IOS stands for Internetworking Operating System and is based on Linux. 

There are two advisories with a severity score of 8.8, the highest of this release’s 25 high-severity advisories. One, tracked as CVE-2020-3400, is an authorization bypass vulnerability in the Cisco IOS XE software web user interface (UI) that may allow a remote attacker with valid credentials to use part of the UI. It’s due to insufficient authorization of web UI access requests and could allow a user with read-only rights to perform actions with

Read More