Fourth echelon

Another day, another stunning security flaw in Android – this time hitting 55% of mobes


Bug allows ordinary apps to gain control of gadgets

Fresh from sorting out the Stagefright flaw, Google has another serious security vulnerability in Android on its hands.

A privilege escalation hole allows normal apps to gain superpowers to snoop on a device's owner, smuggle in malware, and wreak other havoc. 

The vulnerability, CVE-2015-3825, affects about 55 per cent of Android handsets – basically version 4.3 and above, as well as the current build of Android M.

Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.

"In a nutshell, advanced attackers could exploit this arbitrary code execution vulnerability to give a malicious app with no privileges the ability to become a 'super app' and help the cybercriminals own the device," said Or Peles, security researcher at IBM's X-Force application security research team.

"In addition to this Android serialization vulnerability, the team also found several vulnerable third-party Android software development kits (SDKs), which can help attackers own apps."

