Wednesday, July 24, 2013

First real world 'master key' exploit discovered sneaking malware into Android apps

Image

Two apps have been discovered on unofficial marketplaces in China that might just be the first in-the-wild exploits of the massive bug found by Bluebox two weeks ago. The so-called "master key" vulnerability, or a least an extremely close relative of it, was the point of entry for malware in these two apps, which now carry code that allows an attacker to remotely hijack a device, harvest sensitive data and even disable a number of mobile security suites. The concern here, is that this particular security hole allowed these alterations to be made without invalidating the apps' digital signatures. So, the malware was able to sneak through filters, hidden as a Trojan Horse inside pieces of legitimate software. Google has already patched the vulnerability, preventing compromised apps from slipping in to the official Play store. Additional updates addressing the flaw have been issued to carriers and manufacturers, but we all know it could be quite sometime before everyone applies the patches to their products.

Filed under: , ,

Comments

Via: Ars Technica

Source: Symantec

Source: http://www.engadget.com/2013/07/24/master-key-exploit-in-the-wild/?utm_medium=feed&utm_source=Feed_Classic&utm_campaign=Engadget

Olympics 2012 Olympic Schedule 2012 NBC Olympics NBC Olympics schedule 2012 Olympics Chad Everett London Olympics

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.