This vulnerability was discovered by researchers at the Palo Alto Networks and only works when the apps are downloaded from another store than Google Play or when the user clicks a reference to a promotion for apps advertising.
This malware takes advantage of the fact that the affected devices do not check the app that will use is the same for which the user has permissions during installation. In other words, vulnerability exploits a flaw in the way the system install apps, reveals the Ars Technica .
One way to exploit this vulnerability is to use a seemingly benign app to install malware , and another is to mask the true permissions that the app needs. In both cases, users may end up installing apps that are quite different from those approved during the process of permissions.
The vulnerability has been fixed in the updated version 4.3 of Android. However, according to figures provided by Google, 49.9% of the devices with the operating system of the company existing on the planet have earlier versions, so still susceptible to this malware. For these cases, the Palo Alto Networks recommends using only the Google Play to download apps.
No comments:
Post a Comment