androidmalware | Unsorted

Telegram channel androidmalware - Android Security & Malware

43052

Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com

Android Security & Malware

Patch Diffing CVE-2024-23265: An iOS Kernel Memory Corruption Vulnerability
https://8ksec.io/patch-diffing-ios-kernel/

iOS Crypto Heist: iMessage Zero-Click RCE Chain (CVE-2025-31200, CVE-2025-31201)
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025).
Info: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
PoC exploit: https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&e=3&st=b1tkonvr&dl=0

Attacking telecom: security bugs from 2G to 5G, SMS exploits, and SS7 & Diameter protocols
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4

Silent Smishing : The Hidden Abuse of Cellular Router APIs
A cellular router’s API was exploited to send malicious SMS messages containing phishing URLs.
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/

Datzbro: RAT Hiding Behind Senior Travel Scams
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams

Analysis of Android DHCSpy operated by the Iranian APT MuddyWater
https://shindan.io/blog/dhcspy-discovering-the-iranian-apt-muddywater

Writeup for CVE-2025-24085, an ITW iOS mediaplaybackd vulnerability patched earlier this year
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-24085/CVE-2025-24085.md

Banker Trojan Targeting Indonesian and Vietnamese Android Users
https://dti.domaintools.com/banker-trojan-targeting-indonesian-and-vietnamese-android-users/

Finding vulnerabilities in the Binder kernel driver through fuzzing
https://androidoffsec.withgoogle.com/posts/binder-fuzzing/

Trigger for the integer underflow bug in the HID core subsystem (CVE-2025-38494 and CVE-2025-38495) that leaks 64 KB of OOB memory over USB
Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels)
https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494

Android SlopAds Fraud with Layers of Obfuscation
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/

Wanted to spy on my dog, ended up spying on TP-Link (TP-Link Tapo app)
https://kennedn.com/blog/posts/tapo/

PhantomCall unmasked: An Antidot variant disguised as fake Chrome apps in a global banking malware campaign
https://www.ibm.com/think/news/phantomcall-antidot-variant-in-fake-chrome-apps

The Rise of RatOn: From NFC heists to remote control and ATS
https://www.threatfabric.com/blogs/the-rise-of-raton-from-nfc-heists-to-remote-control-and-ats

CoRCTF 2025 - CoRPhone: Android Kernel Pwn
CoRPhone is an Android kernel exploitation challenge created for CoRCTF 2025. It simulates a scenario in which a kernel exploit is delivered as shellcode and executed in memory by an untrusted Android app.
https://github.com/0xdevil/corphone/tree/main

Exploit for a vulnerability in the Nothing Phone 2a/CMF Phone 1 secure boot chain (and possibly other MediaTek devices)
Info + PoC: https://github.com/R0rt1z2/fenrir

Two spyware strains - ProSpy & ToSpy - masquerade as Signal and ToTok to infect Androids
https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/

Phones auto-connecting to the "FreeWiFi_Secure" Wi-Fi network leak the full IMSI in cleartext during the EAP-SIM exchange.
Anyone nearby with a sniffer could capture it → track users, or correlate identities.
Fix pushed: FreeWiFi_Secure disabled on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/

Klopatra: exposing a new Android banking trojan operation with roots in Turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey

Security Evaluation Of Android Apps In Budget African Mobile Devices
The study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations.
https://arxiv.org/pdf/2509.18800

Exploring Android Accessibility Malware | Droidcon Italy 2024
https://www.youtube.com/watch?v=xCHW8ql3vi0

Triggered WhatsApp 0-click on iOS/macOS/iPadOS
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing.
Source: https://x.com/DarkNavyOrg/status/1972260639101034950

Obtain a root shell on Unisoc unpatched devices (CVE-2025-31710)
https://github.com/Skorpion96/unisoc-su/tree/main?tab=readme-ov-file

CVE-2025-10184 is a permission bypass that affects multiple OnePlus devices running OxygenOS 12–15 (NOT FIXED), with PoC
This vulnerability allows any application installed on the device to read SMS/MMS without permission, user interaction, or consent.
https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/

Automating Android Component Testing with new APK Inspector tool
- What are exported components?
- Setup and testing APK Inspector
- Improve automation and execute ADB commands interactively
- Run it on Android
- What are Intent Redirection Vulnerabilities?
https://www.mobile-hacker.com/2025/09/18/automating-android-app-component-testing-with-new-apk-inspector/

NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare) CVE-2025-8699
https://sec-consult.com/vulnerability-lab/advisory/nfc-card-vulnerability-exploitation-leading-to-free-top-up-kiosoft-payment-solution/

Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic Execution for Code Decryption and Deobfuscation
https://revflash.medium.com/strategies-for-analyzing-native-code-in-android-applications-combining-ghidra-and-symbolic-aaef4c9555df

Analysis of P2P cheap "spy" cameras and their LookCam app
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app

Analysis of CVE-2025-38352 and technical insights into the process of triggering the bug that caused a crash in the Android kernel. It was released in the September 2025 Android Bulletin, marked as possibly under limited, targeted exploitation.
https://streypaws.github.io/posts/Race-Against-Time-in-the-Kernel-Clockwork/

Agentic Discovery and Validation of Android App Vulnerabilities
https://arxiv.org/pdf/2508.21579v1
