Tuesday, 11 August 2015

New Android Apps Leak Allows Device Completely Take Over

A new vulnerability in Android gives attackers the opportunity to participate fully devices via a malicious app or install malware. The app need in this case not have to have special privileges, as there via the leak system rights can be obtained.

Once the app elevated privileges acquired, it is possible random apps that are already installed on the device can be replaced by infected versions, in order to steal passwords and other data, or SELinux policy of the device can be adjusted. The vulnerability is present in Android 4.3 to 5.1, as well as the M Preview 1, which represents more than 55% of Android devices.After being informed of the problem, Google in Android 4.4, 5.0, 5.1 and M patched and Google Play Services. This week researchers from IBM give a presentation about the leak ( pdf ).

No comments:

Post a Comment