Mobile-Security

🟠 High | Source: The Hacker News A vulnerability in Google Gemini’s Android integration allowed malicious content embedded in notifications from apps such as WhatsApp, Slack, Signal, and SMS to hijack the AI assistant without requiring any installed malware. An attacker could craft a poisoned notification that caused Gemini to open browser windows, impersonate contacts, initiate calls, or corrupt the assistant’s long-term memory. This is a prompt injection attack exploiting the trust Gemini places in notification content it processes. ...

🟠 High | Source: The Hacker News A prompt injection vulnerability in Google Gemini on Android allowed hostile content embedded in notifications from apps such as WhatsApp, Slack, Signal, and SMS to hijack the AI assistant without requiring any malicious app to be installed. An attacker could craft a poisoned message or notification that caused Gemini to perform unauthorised actions — including impersonating contacts, initiating calls, or corrupting its long-term memory. The attack required no user interaction beyond the assistant processing the notification, making it particularly dangerous for enterprise users relying on AI-assisted workflows. ...

🔴 Critical | Source: The Hacker News A debug flag accidentally left enabled in production builds of multiple Microsoft 365 Android apps disabled a security check that restricts account token sharing to trusted Microsoft applications. As a result, any app installed on the same Android device could silently request and receive the signed-in user’s authentication token, granting full access to email, files, calendar, and the ability to send messages on their behalf. No user interaction, credentials, or elevated permissions were required to exploit this. ...

🔴 Critical | Source: The Hacker News A debug flag accidentally left enabled in production builds of multiple Microsoft 365 Android apps disabled the trust check that normally restricts account-token sharing to authorised Microsoft applications. As a result, any app installed on the same Android device could silently request and receive a valid authentication token, granting full access to the victim’s email, files, calendar, and messaging without any user interaction or additional permissions. The flaw affects any user running a vulnerable Microsoft 365 Android app while also having a malicious or compromised app on the same device. ...

🟠 High | Source: The Hacker News Google’s June 2026 Android security update addresses 124 vulnerabilities, including a high-severity privilege escalation flaw (CVE-2025-48595) in the Android Framework component that is actively being exploited in the wild. The flaw requires no user interaction, making it particularly dangerous as attackers can escalate privileges silently. Organisations with Android devices in their mobile fleet or BYOD programmes should treat this update as urgent. Architect’s Take: Prioritise enforcement of this patch across managed Android devices via your MDM solution (e.g. Intune, Jamf, or Google Endpoint Management) — focus first on devices accessing corporate cloud resources or sensitive SaaS applications. Review your mobile threat defence policies to detect any exploitation attempts against unpatched devices in the interim. ...