CVE-2019-11932 describes a vulnerability in what product? https://nvd.nist.gov/vuln/detail/CVE-2019-11932 …
-
Show this thread
-
Correct answer: CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet the CVE text doesn't mention "android-gif-drawable". It only mentions WhatsApp. I'm aware of over 28,400 free Android apps that use this library. I wonder how many app authors are aware?
2 replies 36 retweets 82 likesShow this thread -
For example, here's a demonstration of viewing a crafted message with an app called Chomp SMS. It has over 10 million installs and also uses android-gif-drawable. When
@facebook created the entry for CVE-2019-11932, they neglected to mention anything other than WhatsApp.pic.twitter.com/dYJJp2bUOz5 replies 21 retweets 69 likesShow this thread -
Is there a database of Android Apps along with frameworks they are using? How do you correlate it? What sources do you use?
1 reply 0 retweets 0 likes -
Replying to @marcinguy @Facebook
I've been downloading Android apps since I started looking for apps with private keys in them. An Android manifest file will contain the list of files contained in an app. I just queried my Android pile for apps that include libpl_droidsonroids_gif.so https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263 …
2 replies 1 retweet 5 likes -
Great job. Just thinking... Nice idea would be shodan or wappalyzer-like database for Android Apps
1 reply 0 retweets 1 like
That'd probably be a great resource to have available. My gplaycli-based downloader is a simple toy, which is currently on hold until https://github.com/matlink/gplaycli/issues/228 … is fixed. But yeah, an official/public database would probably be quite useful.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.