oval:org.secpod.oval:def:6489 The mobile device has the Android operating system installed.

oval:org.secpod.oval:def:6499 Require a password when the screen is idle for more than the given number of minutes.

oval:org.secpod.oval:def:6498 Expire password after 90 days or less.

oval:org.secpod.oval:def:6497 The Android device can be configured to reset itself to factory defaults after excessive password failure attempts. It is recommended that this feature be enabled to block brute-force methods of unlocking the device.

oval:org.secpod.oval:def:6496 The Android device can be configured to require a minimum password character length as per the organizational password policies. It is recommended to set the password length to at least five (5) characters.

oval:org.secpod.oval:def:6491 As Bluetooth allows devices to connect wirelessly to other devices and accessories, it is recommended to turn off Bluetooth when not in use.

oval:org.secpod.oval:def:6490 It is recommended to keep the Android 2.3 device firmware updated.

oval:org.secpod.oval:def:6495 When Airplane Mode (Flight Mode) is enabled, no phone, GPS, radio, Wi-Fi, or Bluetooth signals are emitted from or received by the device. It is recommended to enable Airplane Mode when the device must not emit any signal.

oval:org.secpod.oval:def:6494 It is recommended that Network availability notification is disabled.

oval:org.secpod.oval:def:6493 Location Services allow the user's location to be fetched and accessed by applications such as Maps and Internet websites. It is recommended that location services be disabled.

oval:org.secpod.oval:def:6492 Mobile devices contain sensitive information related to configurations and credentials, which can enable an attacker to retrieve information from other sources the device is connected with. It is recommended to keep sensitive information encrypted.

oval:org.secpod.oval:def:6503 Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.

oval:org.secpod.oval:def:6501 Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRus ...

oval:org.secpod.oval:def:6508 Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

oval:org.secpod.oval:def:6504 The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handl ...

oval:org.secpod.oval:def:6509 The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

oval:org.secpod.oval:def:6502 Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

oval:org.secpod.oval:def:6505 data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.

oval:org.secpod.oval:def:6507 The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CV ...

oval:org.secpod.oval:def:6506 Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request b ...