Roee Hay
Twitter: @roeehay
Homepage: https://securityresear.ch/
GitHub: roeeh
Keybase: roee
POSTS
Exploiting Qualcomm EDL Programmers (5): Breaking Nokia 6's Secure Boot
22-Jan 2018, QPSIIR-909, ALEPH-2017029, CVE-2017-13174, CVE-2017-5947

Exploiting Qualcomm EDL Programmers (4): Runtime Debugger
22-Jan 2018, QPSIIR-909, ALEPH-2017029, CVE-2017-13174, CVE-2017-5947

Exploiting Qualcomm EDL Programmers (3): Memory-based Attacks & PBL Extraction
22-Jan 2018, QPSIIR-909, ALEPH-2017029, CVE-2017-13174, CVE-2017-5947

Exploiting Qualcomm EDL Programmers (2): Storage-based Attacks & Rooting
22-Jan 2018, QPSIIR-909, ALEPH-2017029, CVE-2017-13174, CVE-2017-5947

Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals
22-Jan 2018, QPSIIR-909, ALEPH-2017029, CVE-2017-13174, CVE-2017-5947

Untethered initroot (USENIX WOOT '17)
30-Aug 2017, CVE-2016-10277, A-62345923

Nexus 9 vs. Malicious Headphones, Take Two
13-Jun 2017, CVE-2017-0648, CVE-2017-0510, CVE-2017-0563, CVE-2017-0582

initroot: Hello Moto
07-Jun 2017, CVE-2016-10277

initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
23-May 2017, CVE-2016-10277, CVE-2017-1000363

OnePlus OTAs: Analysis & Exploitation
11-May 2017, CVE-2017-5948, CVE-2017-8850, CVE-2017-8851, CVE-2016-10370

Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle
26-Mar 2017, CVE-2017-5622, CVE-2017-5626, CVE-2017-5624

Attacking Nexus 9 with Malicious Headphones
08-Mar 2017, CVE-2017-0510, CVE-2017-0563, CVE-2017-0582

Owning a Locked OnePlus 3/3T: Bootloader Vulns
08-Feb 2017, CVE-2017-5626, CVE-2017-5624

Attacking Nexus 6/6P Custom Boot Modes
05-Jan 2017, CVE-2016-8467, CVE-2016-6678

VULNS
01/22/18 ALEPH-2017029: Nokia 6/5 EDL triggering through USB
01/22/18 QPSIIR-909: Qualcomm EDL Firehose Programmers Peek and Poke Primitives
01/22/18 CVE-2017-5947: OnePlus EDL triggering through ADB or Hardware Key Combination
08/01/17 CVE-2017-11105: OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
06/13/17 CVE-2017-0648: Google Nexus 9 Ephemeral Access to Unrestricted FIQ Debugger and SysRq
05/23/17 CVE-2017-1000363: Linux lp.c Out-of-Bounds Write via Kernel Command-line
05/23/17 CVE-2016-10277: Motorola Android Bootloader Kernel Cmdline Injection Secure Boot Bypass
05/11/17 CVE-2017-8851: OnePlus OTA One/X Crossover Vulnerability
05/11/17 CVE-2017-8850: OnePlus OTA OxygenOS/HydrogenOS Crossover Vulnerability
05/11/17 CVE-2017-5948: OnePlus OTA Downgrade Vulnerability
05/04/17 CVE-2017-0582: Google Nexus 9 SensorHub Firmware Downgrade Vulnerability
05/03/17 CVE-2017-0563: Google Nexus 9 Cypress SAR Firmware Injection via I2C
04/27/17 CVE-2017-8300: TBA
04/25/17 CVE-2017-5625: OnePlus 3/3T OxygenOS Unauthorized Flash Dumping via fastboot
04/06/17 ALEPH-2017018: TBA
03/26/17 CVE-2017-5622: OnePlus 3/3T OxygenOS Charger Boot Mode ADB Access
03/19/17 CVE-2017-5623: OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing
03/08/17 CVE-2017-0510: Google Nexus 9 Unauthorized Access to FIQ Debugger
03/01/17 ALEPH-2017012: TBA
02/08/17 CVE-2017-5626: OnePlus 3/3T OxygenOS 4F500301 Bootloader Locking Bypass
02/08/17 CVE-2017-5624: OnePlus 3/3T OxygenOS dm-verity Security Bypass
01/11/17 CVE-2017-5554: OnePlus 3/3T OxygenOS SELinux Security Bypass
01/05/17 CVE-2016-8467: Google Nexus 6/6P Custom Boot Modes USB Configs Override
10/04/16 CVE-2016-6678: Google Nexus 6 f_usbnet Kernel Uninitialized Memory Leak Over USB
09/05/16 ALEPH-2016000: Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB
11/20/15 CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android
08/10/15 CVE-2015-2020: MyScript Android SDK Deserialization Code Execution
08/10/15 CVE-2015-2004: GraceNote GNSDK Android SDK Deserialization Code Execution
08/10/15 CVE-2015-2003: PJSIP PJSUA2 Android SDK Deserialization Code Execution
08/10/15 CVE-2015-2002: esri ArcGis Android SDK Deserialization Code Execution
08/10/15 CVE-2015-2001: MetaIO Android SDK Deserialization Code Execution
08/10/15 CVE-2015-2000: Jumio Android SDK Deserialization Code Execution
08/10/15 CVE-2015-3837: Android OpenSSLX509Certificate Deserialization Code Execution
12/03/14 ALEPH-2014011: VASCO MyDigipass OAuth Unverified Email Social Login Bypass
12/03/14 ALEPH-2014010: Amazon OAuth Unverified Email Social Login Bypass
12/03/14 ALEPH-2014009: LinkedIn OAuth Unverified Email Social Login Bypass
07/28/14 CVE-2014-3502: Apache Cordova for Android Leak via URL Loading
07/28/14 CVE-2014-3500: Apache Cordova for Android Cross-App Scripting
07/28/14 CVE-2014-3501: Apache Cordova for Android Whitelist Bypass for Non-HTTP URLs
06/30/14 CVE-2014-3100: Android KeyStore Stack Buffer Overflow
03/25/14 CVE-2014-1506: Firefox for Android Crash Reporter File Manipulation
03/25/14 CVE-2014-1515: Firefox for Android Automatic File Download to SD Card
03/25/14 CVE-2014-1516: Firefox for Android Profile Directory Name Weak Randomization
03/11/14 CVE-2014-8889: Dropbox Android SDK INTERNAL_WEB_HOST Security Bypass
02/04/14 CVE-2014-1484: Firefox for Android Profile Directory Name Leaks to Android System Log
12/10/13 ALEPH-2013000: Android Fragment Injection
08/13/13 CVE-2012-2808: Weak Randomness in Android's DNS Resolver
08/13/13 ALEPH-2013001: BIND 9 NS Selection SRTT Algorithm Weakness
05/03/12 CVE-2011-3901: Android SQLite Journal Information Disclosure
10/18/11 CVE-2011-3552: Oracle Java Remote DNS Poisoning via Port Exhaustion #2
10/18/11 ALEPH-2011003: Microsoft Windows Unprivileged DNS Cache Flushing
10/18/11 ALEPH-2011002: Microsoft Windows Port Exhaustion Weakness
10/18/11 CVE-2010-4448: Oracle Java Remote DNS Poisoning via Port Exhaustion
09/20/11 ALEPH-2011007: Opera Mobile for Android Cache Poisoning XAS
09/20/11 ALEPH-2011006: Dolphin Browser HD Cross-Application Scripting
07/31/11 CVE-2011-2357: Android Browser Cross-Application Scripting
08/02/09 CVE-2009-1869: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow
06/02/09 CVE-2009-0955: Apple QuickTime Image Description Atom Sign Extension Memory Corruption
10/08/08 CVE-2009-0519: Adobe Flash Out-of-Bounds Memory Read DoS
10/08/08 CVE-2008-4555: Graphviz Stack Buffer Overflow Code Execution
09/09/08 CVE-2008-3624: Apple QuickTime QTVR Sign-Extension Heap Overflow