Description
Screenshots of applications that are moved to the background are created for better user experience. Unfortunately, other apps can access them, exposing sensitive data such as banking information, passwords, or personal information.
Example
All applications in the background can be viewed (screen shots).
Countermeasures
Use the FLAG_SECURE to hide the screen when an app is put into hang mode. This will only display a black placeholder.
References
While doing my preperation for the OSCE i found an nbsp exploit for the coolpalyer+ version 2 19 1 from [...]
nbsp Vulnerable software FTP server 8 0f g Vulnerability Local Buffer Overflow SEH protected gt Code Execution Time Line [...]
CVE CVE 2018 16231 Vulnerable software FTP server lt = 8 4f Vulnerability Remote denial of service Timeline 30 01 [...]
CVE CVE 2018 7272 Vulnerable software AT nbsp 5 0 0 5 1 0 Vulnerability Unauthorized access Timeline 15 12 [...]
