CVE-2013-6271
published 2013-12-14CVE-2013-6271: Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the…
PriorityP352high8.8CVSS 2.0
AVNACMAuNCCICAN
EXPLOIT
EPSS
8.90%
94.6th percentile
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
arXiv
Security and Privacy Assessment of U.S. and Non-U.S. Android E-Commerce Applications
arxiv_fulltext·2025-10-14
Security and Privacy Assessment of U.S. and Non-U.S. Android E-Commerce Applications
Security and Privacy Assessment of U.S. and
Non-U.S. Android E-Commerce Applications
Security and Privacy in Global E-Commerce Apps
Urvashi Kishnani^* 0000-0001-6389-5508
Sanchari Das^ 0000-0003-1299-7867
^*University of Denver, Denver, CO, USA
^ George Mason University, Fairfax, VA, USA
Kishnani and Das
## Abstract
E-commerce mobile applications are central to global financial transactions, making their security and privacy crucial. In this study, we analyze 92 top-grossing Android e-commerce apps (58 U.S.-based and 34 international) using MobSF, AndroBugs, and RiskInDroid. Our analysis shows widespread SSL and certificate weaknesses, with approximately 92% using unsecured HTTP connections and an average MobSF security score of 40.92/100. Over-privileged permissions were identified
arXiv
Evaluating the Security and Privacy Risk Postures of Virtual Assistants
arxiv_fulltext·2023-12-22
Evaluating the Security and Privacy Risk Postures of Virtual Assistants
Evaluating the Security and Privacy Risk Postures of Virtual Assistants
Borna Kalhor1, Sanchari Das2
1Department of Computer Engineering, Ferdowsi University of Mashhad, Mashhad, Iran
2Department of Computer Science, University of Denver, Denver, Colorado, USA
[email protected], [email protected]
Virtual Assistants, Privacy and Security, Vulnerability Analysis, Voice Assistants, Security Evaluation.
Virtual assistants (VAs) have seen increased use in recent years due to their ease of use for daily tasks. Despite their growing prevalence, their security and privacy implications are still not well understood. To address this gap, we conducted a study to evaluate the security and privacy postures of eight widely used voice assistants: Alexa, Braina, Cortana, Google Assistant, Ka
http://seclists.org/fulldisclosure/2013/Nov/204http://www.securitytracker.com/id/1029410http://www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/https://cureblog.de/2013/11/cve-2013-6271-remove-device-locks-from-android-phone/http://seclists.org/fulldisclosure/2013/Nov/204http://www.securitytracker.com/id/1029410http://www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/https://cureblog.de/2013/11/cve-2013-6271-remove-device-locks-from-android-phone/
2013-12-14
Published