exploitable vulnerability Archives

AppWizard

April 25, 2026

NoVoice malware hit 2.3 million Android devices through apps Google never should have approved

McAfee researchers discovered a complex Android rootkit campaign, dubbed Operation NoVoice, that infiltrated 50 applications on Google Play, exploiting vulnerabilities in the kernel that had been patched but not uninstalled. The malware was resilient enough to survive factory resets and was concealed within seemingly benign apps, which collectively garnered 2.3 million downloads. The malicious payload was hidden in the com.facebook.utils package and used steganography to embed an encrypted payload within a PNG image. The malware conducted multiple checks to avoid detection and established contact with a command-and-control server, polling for exploit packages every 60 seconds. It utilized 22 distinct exploits, including vulnerabilities that had received patches between 2016 and 2021. The malware disabled SELinux enforcement and installed a persistent rootkit that could survive factory resets. Google confirmed the removal of the infected apps but noted that users who had already downloaded them remained at risk, especially if their devices were running unpatched Android versions. McAfee advised affected users to treat their devices as compromised and consider professional inspection or hardware-level storage wiping for remediation.

Winsage

August 15, 2024

August 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft's August 2024 Patch Tuesday addressed 85 vulnerabilities, including six zero-day exploits. The vulnerabilities are categorized as CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, CVE-2024-38178, CVE-2024-38107, and CVE-2024-38106. Six vulnerabilities are classified as Critical, while the remaining 79 are rated Important or Moderate. The predominant risk types include elevation of privilege (37%) and remote code execution (35%). Windows products received 43 patches, with 21 for the Extended Security Update (ESU) and 8 for Microsoft Office. Notable zero-day vulnerabilities include: - CVE-2024-38189 in Microsoft Project (CVSS 8.8) allows remote code execution. - CVE-2024-38193 in Windows Ancillary Function Driver for WinSock (CVSS 7.8) allows privilege escalation. - CVE-2024-38107 in Windows Power Dependency Coordinator (CVSS 7.8) allows privilege escalation. - CVE-2024-38178 in the Scripting Engine (CVSS 7.5) allows remote code execution. - CVE-2024-38106 in the Windows kernel (CVSS 7.0) allows privilege escalation. - CVE-2024-38213 in Windows Mark of the Web Security (CVSS 6.5) allows security warning bypass. Critical vulnerabilities include: - CVE-2024-38063 (CVSS 9.8) in Windows TCP/IP allows remote code execution. - CVE-2024-38140 (CVSS 9.8) in Windows Reliable Multicast Transport Driver allows remote code execution. - CVE-2024-38109 (CVSS 9.1) in Azure Health Bot allows privilege escalation. - CVE-2024-38159 and CVE-2024-38160 (both CVSS 9.1) in Windows Network Virtualization allow remote code execution. - CVE-2023-40547 (CVSS 8.8) impacts Secure Boot. Additional vulnerabilities with existing proof of concept include: - CVE-2024-38199 (CVSS 9.8) in Windows Line Printer Daemon allows remote code execution. - CVE-2024-38202 (CVSS 7.3) in Windows Update Stack allows privilege escalation. - CVE-2024-21302 (CVSS 6.7) in Windows Secure Kernel Mode allows privilege escalation.

AppWizard

August 15, 2024

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

A vulnerability has been identified in Google Pixel devices, linked to a software package called “Showcase.apk,” which has existed in every Android release for these devices since September 2017. This application, created by Smith Micro for Verizon, operates at the system level and has extensive privileges, including remote code execution and the ability to install software remotely. It downloads configuration files via an unencrypted HTTP connection, making it susceptible to exploitation. iVerify disclosed this vulnerability to Google in early May, but a fix has not yet been released. Google has stated that Showcase is no longer in use by Verizon and that an update to remove it from supported Pixel devices is forthcoming. There is currently no evidence of active exploitation, and the app is absent in the newly announced Pixel 9 series. However, concerns remain about the potential for exploitation, particularly if a remote activation method is discovered. iVerify also speculates that Showcase could be present in other Android devices, and Google is notifying other manufacturers about the issue.

Winsage

July 18, 2024

Windows installer tagged with flaws that could elevate privileges

An unpatched vulnerability in Windows installer files allows attackers to elevate privileges and potentially take over vulnerable systems. The vulnerability stems from the way Windows handles permissions for installer files, allowing custom actions to bypass normal account protections and carry out malicious activities. The flaw was reported to Microsoft last year but was dismissed as not replicable on patched systems. The vulnerability requires local access to exploit, making it more difficult for threat actors to take advantage of.

Winsage

June 14, 2024

New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now

CVE-2024-30078 can be exploited without any user interaction.