A flaw in Android could allow applications to be modified or replaced by malware
Nearly half of Android devices are vulnerable to an attack that can replace a legitimate application with malicious software that can collect sensitive data from a mobile phone.
Google , Samsung and Amazon have released fixes for their devices, but 49.5 % of Android users are still vulnerable, according to Palo Alto Networks found that the problem . Google said it had detected attempts to exploit the flaw.
A malicious application installed using the vulnerability, called “Android Installer Hijacking”, would have full access to a device, including data such as user names and passwords, Zhi Xu wrote, senior engineer at Palo Alto, a company that created a app to detect if there are vulnerabilities in devices .
The company has created two “exploits” that take advantage of the flaw, which involves how the APKs (“Android application packages” or Android application packages) are installed.
The vulnerability only affects applications that are installed from a store of third-party apps
.
No comments:
Post a Comment