CVE-2025-32312 - Exploiting Unsafe Deserialization in PackageParser’s createIntentsList — Local Privilege Escalation on Android
---
A new Android vulnerability, CVE-2025-32312, has made waves in mobile security. This bug exists inside Android’s essential package parsing component—PackageParser.java. Specifically,
CVE-2025-26453 - Understanding a Cross-User Data Leak in BluetoothOppSendFileInfo.java
A new vulnerability, CVE-2025-26453, has been discovered in the Android operating system, specifically in the Bluetooth file sharing feature. This vulnerability affects the BluetoothOppSendFileInfo.java
CVE-2025-26458 - Background Activity Launch in LocationProviderManager.java Leads to Local Privilege Escalation
A new vulnerability, CVE-2025-26458, was discovered in the Android Open Source Project (AOSP). The flaw sits inside multiple functions of the LocationProviderManager.java class. Due
CVE-2025-26452 - New Android Privilege Escalation Exploit in loadDrawableForCookie – A Step-by-Step Guide
In this deep-dive, we’ll break down the newly discovered Android vulnerability CVE-2025-26452, which affects the way task snapshots can be accessed by an app
CVE-2025-26456 - Crashing System Server via DexUseManagerLocal.java Logic Error – Exploit Details and Analysis
A critical vulnerability, CVE-2025-26456, was discovered in the Android framework, specifically affecting the DexUseManagerLocal.java component. This bug allows any local application to crash the
Episode
00:00:00
00:00:00