Multiple vulnerabilities in the Smartphone Pentest Framework

Multiple vulnerabilities have been discovered in the Smartphone Pentest Framework

Discovered  vulnerabilities can be exploited by malicious people to gain total control of the pentester's system.

The company High-Tech Bridge Security published a notice describing multiple vulnerabilities in Smartphone Pentest Framework (SPF) - a product designed to find vulnerabilities in smartphones.

Smartphone Pentest Framework was presented at this year's conference Blackhat, Defcon, Bsides and received a grant from DARPA Cyber ​​Fast Track to the development of a promising project.

Can be exploited by malicious people to conduct CSRF attack to gain access to sensitive information, execute arbitrary SQL commands to the database application and execute arbitrary commands on the system. The presence of unsafe file permissions allow local users to gain escalated privileges.

Android-locking - Vulnerability in Android

Vulnerability in Android allows you to bypass the lock pattern

Most people know that the Android-locking device with a password or PIN-code is more secure than using a pattern (pattern). However, no one suspected that the latter method can be so dangerous. A craftsman from XDA Developer Forum exposed the vulnerability that allows little or no additional effort to gain access to devices with a version of Android 2.3 and above, blocked in this way.