Android mouse and keyboard applications could be compromised remotely


Multiple vulnerabilities have been found in three Android applications that let a mobile phone act as a remote mouse or keyboard for a computer. The vulnerabilities, CVE-2022-45477 to CVE-2022-45483, were discovered by the Synopsys Cybersecurity Research Center (CyRC), which published them after receiving no response from the application vendors within the 90-day timeline.
Telepad, PC Keyboard and Lazy Mouse are the affected applications.

"CyRC research uncovered weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities in the three apps. An exploit of the authentication and authorization vulnerabilities could allow remote unauthenticated attackers to execute arbitrary commands. Similarly, an exploit of the insecure communication vulnerability exposes the user’s keystrokes, including sensitive information such as usernames and passwords.

Mouse and keyboard applications use a variety of network protocols to exchange mouse and keystroke instructions. Although the vulnerabilities are all related to the authentication, authorization, and transmission implementations, each application’s failure mechanism is different. The CyRC found vulnerabilities that enable authentication bypasses and remote code execution in the three applications, but did not find a single method of exploitation that applies to all three," CyRC said in its advisory.
