NewApp Digest
search bot

software security

Malicious Android Photo Frame App Gives Hackers Full Device Control Without User Action
AppWizard
November 14, 2025

Malicious Android Photo Frame App Gives Hackers Full Device Control Without User Action

A security assessment has revealed that digital photo frames using Uhale technology are vulnerable to a new class of malicious Android applications that can take control of devices without user interaction. The pre-installed Uhale app can silently download and execute malware during device booting or software updates due to insecure connections and improper certificate verification. Attackers can intercept network traffic to execute remote code with a critical CVSS score of 9.4, allowing access to private photos and the potential to create botnets. Many affected devices run outdated Android versions (6.0/6.0.1) with SELinux disabled and rooted by default, facilitating privilege escalation and persistent malware installation. Additionally, the Uhale app's unsecured local network file transfer feature allows attackers on the same network to send malicious files or delete files without user consent. Researchers emphasize the need for improved software security in consumer electronics, urging manufacturers to adopt modern Android builds and enforce security protocols. Users are advised to disconnect or update their devices to mitigate risks.
Android and Windows gamers worldwide potentially affected by bug in Unity game engine
BetaBeacon
October 6, 2025

Android and Windows gamers worldwide potentially affected by bug in Unity game engine

A vulnerability, known as CVE-2025-59489, has been discovered in the Unity engine, widely used in game development. The bug could allow malicious files to take control of permissions granted to Unity games and run commands on a victim's device. The vulnerability primarily affects Android, Windows, Linux, and MacOS systems, but not iOS devices or gaming consoles. Unity has released fixes for the vulnerability, with no evidence of exploitation so far. Microsoft advises users to uninstall vulnerable apps and games temporarily, while Steam has announced measures to block potentially malicious command line parameters in Unity games. The bug was reported by a researcher at GMO Flatt Security, who praised Unity for promptly addressing the issue. Users are encouraged to update their software to protect against potential threats.
How to enable TPM, Secure Boot, HVCI, and VBS for Battlefield 6 and Black Ops 7
AppWizard
October 1, 2025

How to enable TPM, Secure Boot, HVCI, and VBS for Battlefield 6 and Black Ops 7

Battlefield 6 requires gamers to meet advanced security requirements to access the game, including TPM 2.0, Secure Boot, HVCI, and VBS. TPM 2.0 is a hardware-based security feature found on most modern motherboards, and if absent, users may need to research their motherboard for upgrade options. Secure Boot and TPM 2.0 can be checked using the Steam beta client or through the Device Manager and System Information panel. If disabled, they can typically be enabled via the BIOS/EFI system. Windows must operate in UEFI mode with the GUID partition table for these features to function correctly, and if installed in legacy mode, reinstallation may be necessary. HVCI protects against malicious code and can be checked via the memory integrity settings. VBS can be verified through the System Information panel, indicating if it is running.
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
AppWizard
September 11, 2025

How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials

The Google Pixel 10 phones incorporate C2PA Content Credentials in their camera and Google Photos, marking them as the first to attach these credentials to every photograph taken. The Pixel Camera app has achieved Assurance Level 2, the highest security rating from the C2PA Conformance Program, ensuring a secure environment for digital content. The integration employs a private-by-design strategy for certificate management, preventing traceability back to the creator. On-device trusted time-stamps allow users to trust images even after the certificate expires. The technology is supported by the Google Tensor G5 and Titan M2 security chip, enhancing hardware-backed security features. Content Credentials provide detailed information about the creation and protection of media files, helping users identify AI-generated or altered content. Google is a steering committee member of the Coalition for Content Provenance and Authenticity (C2PA), which aims to establish industry standards for digital content verification. The Pixel 10 categorizes digital content based on verifiable proof of its creation process. Each JPEG photo captured includes Content Credentials, and Google Photos validates these credentials for edited images. The implementation architecture is designed to be secure, verifiable, and usable offline. Google employs a unique certificate management strategy to enhance user privacy, ensuring that each key and certificate is used for only one image. An on-device offline time-stamping authority allows for the generation of trusted time-stamps without requiring internet connectivity.
Microsoft Store disables opting out of automatic app updates
Winsage
August 18, 2025

Microsoft Store disables opting out of automatic app updates

Microsoft has changed its approach to automatic updates for apps in the Microsoft Store, limiting users to a maximum delay of five weeks for updates. After this period, updates will be installed automatically, regardless of user preference. This change raises concerns about the balance between security and user control, as mandatory updates aim to enhance security and stability but may also lead to risks associated with automatic installations. Users may prefer to postpone updates due to potential dissatisfaction with changes in app functionality.
Search