The following vulnerabilities were discovered in a company’s standard-issue mobile devices:
Vulnerability A: An information disclosure vulnerability in kernel components could enable a local malicious application to access outside of its permission levels after first compromising a privileged process.
Vulnerability B: LibUtils mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file.
Vulnerability C: An elevation of privilege vulnerability in the framework APIs that execute after a user interacts with an attack mechanism could allow a local malicious application to record audio without the user’s knowledge.
Vulnerability D: server/content/SyncStorageEngine.java mismanages certain authority data, which allows attackers to cause a DoS (reboot loop) via a crafted application downloaded by the user.
Which of the following should be considered the MOST serious?
a. Vulnerability A
b. Vulnerability B
c. Vulnerability C
d. Vulnerability D
Answer:
b. Vulnerability B: LibUtils mishandles conversions
between Unicode character encodings with different encoding widths,
which allows remote attackers to execute arbitrary code or cause a
denial of service via a crafted file.