Two new vulnerabilities found by the same team of Jon Oberheide and Zach Lanier, who had previously made an application on the Android Market, which shows that malicious developers can install additional applications without the user's knowledge. At that time, the problems were resolved quickly by Google, but now the duo could make Google work for patches for the operating system again.
The first flaw is a permission escalation vulnerability because it affects all Android phones, regardless of operating system version. The flaw allows attackers to install arbitrary applications with arbitrary permissions without asking the user to the facility. Once deployed, attackers can install anything they want at all costs to access data such as call logs, texts, browsing history, and the media. The second error affects only the Samsung Nexus S, and allows the attacker to gain root access and then take full control on the phone.
-Source.
No comments:
Post a Comment