In a follow up to our recent report regarding how an Android Security Bug was found to let hackers gain system access, Google has released a fix to its Android original equipment manufacturers (OEM’s) for this bug, named: Android security bug 8219321 as unearthed by Bluebox Security in February this year. The flaw was confirmed from Google’s Android Communications Manager, Gina Scigliano, she said “a patch has been provided to our partners.” She also mentioned “Some OEMs, like Samsung, are already shipping the fix to the Android devices.”
The flaw in question will allow a hacker to turn a legitimate app into malicious files by modifying APK code without breaking the app’s cryptographic signature. In response to this, Google has already modified its Play Store’s app entry process to scan for the exploit so apps that have been modified using this vulnerability can no longer be distributed via the Play Store. Bluebox Security discovered the hole in Android’s code, which it claims could potentially affect 99 percent of Android devices, back in February and informed Google at that time. (but only made it public recently). Samsung’s Galaxy S4 was named then as one Android device that had already been patched, so it seems likely that this model is the device Gina Scigliano referred to when she cited Samsung as a manufacturer already shipping a fix. The problem for Android users is that even though Google has now in fact released a fix to its OEMs, they still have to wait for the maker of their particular handset to implement and ship the fix. This also poses another question, how long before their particular carrier tests it? Having to wait around to receive updates is a byproduct of the freeness and fragmentation of the Android sphere, still, it does not sound like this particular Android flaw has been widely exploited thus far. Scigliano has told ZDNet: “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue and Verify Apps provides protection for Android users who download apps to their devices outside of Play.” But just because it has not been widely exploited yet, does not mean it will not be…does it?
Source: http://techcrunch.com/2013/07/09/google-plugs-android-hole/
Showing posts with label Android. Show all posts
Showing posts with label Android. Show all posts
Google Releases OEM Patch For Major Android Security Flaw
7/15/2013 10:40:00 PM
Ee Blog
Subscribe to:
Posts (Atom)
Popular Posts
-
I'm sure lots of you use the well-known Facebook, and I'm sure many of you are familiar with their new little chat system they ha...
-
Credits to: ReTsEhC0401 Simple steps: Log in your FB account. Click this REWARD LINK : HERE After clicking it... (You should s...
-
We give you the opportunity to advertise on this blog with a fairly affordable price, namely: 1. $5 USD/ month for banner ad size of 125x1...
-
Now, This is a new Coin Hack. It's very working, like a brush coin cheat. Name is changed "Manito Coin" , this cheat sumbit by...
-
Kamen Rider V3 airing from 1973 to 1974, the series ran for 52 episodes and followed Shiro Kazami on his quest to gain revenge against t...