Jump to content
Advertise With Us! Or Sign Up To Remove Ads!

Archived

This topic is now archived and is closed to further replies.

Fourth echelon

Another day, another stunning security flaw in Android – this time hitting 55% of mobes

Recommended Posts

Bug allows ordinary apps to gain control of gadgets

Fresh from sorting out the Stagefright flaw, Google has another serious security vulnerability in Android on its hands.

A privilege escalation hole allows normal apps to gain superpowers to snoop on a device's owner, smuggle in malware, and wreak other havoc. 

The vulnerability, CVE-2015-3825, affects about 55 per cent of Android handsets – basically version 4.3 and above, as well as the current build of Android M.

Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.

"In a nutshell, advanced attackers could exploit this arbitrary code execution vulnerability to give a malicious app with no privileges the ability to become a "super app" and help the cybercriminals own the device," said Or Peles, security researcher at IBM's X-Force application security research team.

"In addition to this Android serialization vulnerability, the team also found several vulnerable third-party Android software development kits (SDKs), which can help attackers own apps."

http://www.theregister.co.uk/2015/08/10/another_android_flaw_hitting_55_percent_handsets/

Share this post


Link to post
Share on other sites

×