Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Phones Allow Unauthorized Device Resets and PIN Theft

Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. These flaws enable any installed app to factory reset the device and potentially encrypt other applications. Key details of the vulnerabilities include:

  • CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.

  • CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones allows users to encrypt apps using a PIN or biometric data. This app also exposes a method that lets malicious apps access sensitive fingerprint data.

Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Smartphones Enable Malicious Actions

On June 2, 2025, significant security vulnerabilities were uncovered in pre-installed applications on smartphones manufactured by Ulefone and Krüger&Matz. These vulnerabilities could allow any application downloaded onto these devices to perform a factory reset or, through unauthorized access to sensitive user data, encrypt other applications.

The first vulnerability, identified as CVE-2024-13915 and rated with a CVSS score of 6.9, arises from a component of the “com.pri.factorytest” application. This app includes a factory reset service, “com.pri.factorytest.emmc.FactoryResetService,” which permits any installed application to trigger a factory reset of the device. In effect, any user-installed app can erase all data on the device.

The second vulnerability, referenced as CVE-2024-13916 and also scoring 6.9 on the CVSS scale, is found within the “com.pri.applock” application on Krüger&Matz devices. This application allows users to encrypt any app with a PIN code or biometric information. However, it exposes the “query()” method of the “com.android.providers.settings.fingerprint.PriFpShareProvider,” enabling a malicious app to access and utilize this sensitive fingerprint data. This capability not only poses a significant threat to personal privacy but can also facilitate unauthorized app encryption, thereby complicating the recovery of critical data.
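One way to check a preloaded package for this class of exposure (a service or provider reachable by any installed app), as an added example that is not from the original article or from either vendor: the script below lists exported components in a decoded AndroidManifest.xml that require no permission. The sample manifest and its component names are constructed, and the script assumes the manifest has already been decoded to text XML (for instance with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; names are hypothetical, not from vendor firmware.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.preload">
  <application>
    <service android:name=".ResetService" android:exported="true"/>
    <service android:name=".SyncService">
      <intent-filter><action android:name="com.example.SYNC"/></intent-filter>
    </service>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.permission.RESET"/>
    <provider android:name=".ShareProvider" android:authorities="com.example.share"
              android:exported="true"/>
    <provider android:name=".ReadGuardedProvider" android:authorities="com.example.guarded"
              android:exported="true" android:readPermission="com.example.permission.READ"/>
    <activity android:name=".Internal" android:exported="false"/>
  </application>
</manifest>""".strip()

def is_exported(elem):
    # Explicit android:exported wins; otherwise an intent-filter implies exported.
    flag = elem.get(ANDROID + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return elem.find("intent-filter") is not None

def unprotected_components(manifest_xml):
    """Return (tag, name, reason) for exported components that any app can reach."""
    findings = []
    for elem in ET.fromstring(manifest_xml).iter():
        if elem.tag not in ("service", "provider", "receiver", "activity") or not is_exported(elem):
            continue
        name, perm = elem.get(ANDROID + "name"), elem.get(ANDROID + "permission")
        if elem.tag != "provider":
            if not perm:
                findings.append((elem.tag, name, "no permission required"))
            continue
        # Providers: readPermission/writePermission override android:permission.
        if not (elem.get(ANDROID + "readPermission") or perm):
            findings.append((elem.tag, name, "query() open to any app"))
        if not (elem.get(ANDROID + "writePermission") or perm):
            findings.append((elem.tag, name, "insert/update/delete open to any app"))
    return findings

if __name__ == "__main__":
    print(*unprotected_components(SAMPLE_MANIFEST), sep="\n")
```

Findings are candidates for review rather than confirmed flaws: launcher activities are exported by design, and this check ignores any permission set on the `<application>` element and does not look up the protection level of the permissions it finds.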

The primary targets of these vulnerabilities include users of smartphones by Ulefone and Krüger&Matz, with potential ramifications extending to all individuals who engage with apps installed on these devices. The widespread nature of this vulnerability could give rise to a range of security concerns, particularly for businesses that utilize these devices for operations.

Both Ulefone and Krüger&Matz are based in Eastern Europe, a region often noted for its growing technology sector. These findings point to a broader issue within the mobile landscape where preinstalled applications can serve as vectors for significant security risks.

In terms of potential adversary tactics outlined in the MITRE ATT&CK framework, the vulnerabilities allow for initial access via user-installed applications that exploit the flaws in the preinstalled ones. Furthermore, the weaknesses represent opportunities for privilege escalation, as any malicious app could gain excessive control over data and functionality on the device.

Business owners, particularly those in sectors that leverage mobile technology, should remain vigilant in monitoring how these vulnerabilities may impact their operations. The likelihood of exploitation emphasizes the need for enhanced security measures and practices, ensuring that all applications—especially pre-installed ones—are scrutinized for potential weaknesses that could compromise sensitive information or disrupt business continuity.

In summary, the vulnerabilities identified in Ulefone and Krüger&Matz smartphones raise critical questions about device security in the mobile ecosystem. Businesses must take proactive steps to safeguard sensitive data against the threats posed by malicious applications and unauthorized access.
