all InfoSec news
FotaProvider.apk — Arbitrary Command Execution
July 24, 2023, 5:44 a.m. | ^-^
InfoSec Write-ups - Medium infosecwriteups.com
FotaProvider.apk — Arbitrary Command Execution
This is an exercise from Maddiestone’s “Android Reverse Engineering 101” workshop.
AndroidManifest.xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:sharedUserId="android.uid.system" android:versionCode="220" android:versionName="2.2.0" package="com.adups.fota.sysoper">
android:sharedUserId="android.uid.system"
At first, we see a major issue on the App. The App shares the same userId as the system. Meaning it can execute all of its functionalities with system privileges. Potentially harmful.
Another potentially vulnerability. All those App Components have the exported parameter defined as “true”. Meaning we can execute system …
More from infosecwriteups.com / InfoSec Write-ups - Medium
Honeypots 101: A Beginner’s Guide to Honeypots
3 days, 1 hour ago |
infosecwriteups.com
No Dev Team? No Problem: Writing Malware and Anti-Malware With GenAI
3 days, 13 hours ago |
infosecwriteups.com
Devvortex Hackthebox Walkthrough
4 days, 2 hours ago |
infosecwriteups.com
Port Scanning for Bug Bounties
4 days, 2 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Intern, Cyber Security Vulnerability Management
@ Grab | Petaling Jaya, Malaysia
Compliance - Global Privacy Office - Associate - Bengaluru
@ Goldman Sachs | Bengaluru, Karnataka, India
Cyber Security Engineer (m/w/d) Operational Technology
@ MAN Energy Solutions | Oberhausen, DE, 46145
Armed Security Officer - Hospital
@ Allied Universal | Sun Valley, CA, United States
Governance, Risk and Compliance Officer (Africa)
@ dLocal | Lagos (Remote)