CVE-2025-68708 describes a local authentication bypass in SailingLab AppLock (com.alpha.applock) version 4.3.8 for Android, published 2026-05-26. The application implements its PIN lock as an overlay rather than using Android's secure authentication APIs. A local attacker with physical device access can bypass this lock by navigating through cascading interface flows—specifically via advertisement or brow [truncated]
CVE-2025-68709 describes a local arbitrary JavaScript execution vulnerability in SailingLab AppLock (package name com.alpha.applock) version 4.3.8 for Android. The application's BrowserMainActivity component accepts VIEW intents containing javascript: URIs without proper validation, enabling an attacker with local access to execute arbitrary JavaScript code. This unsafe navigation path may facilitate UI s [truncated]
