Friday, February 13, 2015

Android Apps flaw allows installation without authorization – Pplware

Security problems have hit Google and its mobile ecosystem particularly hard. There are several known cases that reveal problems in the operating system, as well as throughout the service infrastructure associated with it.

A new flaw has now emerged, associated with the Play Store, that allows an attacker to force the installation and execution of applications without the user authorizing it.


This problem, although widespread across the available versions of Android, most directly affects Android Jelly Bean and earlier versions.

The newly discovered flaw allows an attacker to exploit the Android browser and have applications installed from the Play Store without the user having to give consent.

The problem is an incomplete implementation of X-Frame-Options (XFO) in the Play Store. This feature is intended to prevent the execution of malicious scripts within Google's application store, which is therefore left exposed.

The problem was discovered late last year and reported to Google at the time, so that it could resolve it and release a fix for this flaw.

If exploited, this flaw gives the attacker access to the device with permissions to install and run applications without restriction and, as stated above, without any intervention by the user.

For this to happen, it is sufficient that the user is authenticated on the Play Store with their Google account and that the browser in use is one of the versions that shipped with older versions of Android.

After that, with just a few lines of JavaScript or any other web programming language, it becomes possible to exploit the flaw and cause any application to be installed and run.
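A site-side check for this kind of gap, as an added example that is not from the original article or from the researcher's report: it audits a set of responses for anti-framing headers, assuming that "incomplete" means some responses (error pages, for instance) lack a valid X-Frame-Options value. The paths and headers are constructed samples.

```python
# Constructed sample responses (path, status, headers); not taken from any real site.
SAMPLE_RESPONSES = [
    ("/store/apps", 200, {"X-Frame-Options": "SAMEORIGIN"}),
    ("/store/missing", 404, {"Content-Type": "text/html"}),
    ("/account", 200, {"Content-Security-Policy":
                       "default-src 'self'; frame-ancestors 'none'"}),
    ("/help", 200, {"x-frame-options": "ALLOWALL"}),
    ("/legacy", 200, {"X-Frame-Options": "ALLOW-FROM https://partner.example"}),
]


def framing_policy(headers):
    """Return (protected, reason) for one response's headers."""
    h = {name.lower(): value for name, value in headers.items()}
    # CSP frame-ancestors takes precedence over XFO in browsers that support it.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            if "*" in parts[1:]:
                return False, "frame-ancestors allows any origin"
            return True, "CSP frame-ancestors"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "XFO " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is obsolete and ignored by current browsers"
    if xfo:
        return False, "unrecognized XFO value"
    return False, "no anti-framing header"


def audit(responses):
    """Return (path, status, reason) for every response another origin can frame."""
    findings = []
    for path, status, headers in responses:
        protected, reason = framing_policy(headers)
        if not protected:
            findings.append((path, status, reason))
    return findings


if __name__ == "__main__":
    for path, status, reason in audit(SAMPLE_RESPONSES):
        print(f"{status} {path}: {reason}")
```

Browsers that predate CSP Level 2 ignore `frame-ancestors`, so a response relying on CSP alone is only protected in newer browsers.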


According to the public description, the simplest way for users to protect themselves is to use newer browsers in which X-Frame-Options (XFO) is correctly implemented. The recommendations call for the use of Chrome, Firefox or Dolphin Browser.

The flaw was described in the Rapid7 community, and its author is Joe Vennix, who extended the exploitation of a UXSS flaw already reported earlier.

Since the most affected version is Android 4.3 Jelly Bean, this ends up leaving a large number of devices exposed. This is, according to the very latest information from Google, one of the most used versions in the Android universe.

Android versions prior to 4.3 are also exposed to the problem and suffer from the same security holes.

It is now up to Google to create a solution to address this vulnerability and thus protect a large part of the users of its operating system.