Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Proof-of-concept exploit available for Android app signature check vulnerability

Lucian Constantin | July 10, 2013
Technical details about a vulnerability allowing rogue modifications of legitimate Android apps were publicly disclosed.

It would have been better if technical details about the vulnerability had not been disclosed until Black Hat, as Bluebox Security originally intended, the researcher said. However, "I'm sure that Jeff Forristal's [the Bluebox CTO] Black Hat talk will not disappoint, even if the details of the vulnerability are known," he said.

"A coordinated disclosure usually makes sure most users are safe when the details of the vulnerability are disclosed, but due to the nature of the Android ecosystem, vendors and carriers will not deploy a patch for abandoned devices and sadly many devices will remain vulnerable forever," Oliva Fora said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.