Another serious flaw discovery and again on Android! After being known a serious security flaw (Stagefright) that can be easily seen, and the attacker only needs to know the number of mobile phone and another vulnerability that could let the inoperative terminal, has now been found that a third failure affects 55% of devices .
While the vulnerability baptized of Stagefright affected 95% of all Android with version between 2.2 and 5.1, the vulnerability that leaves them inoperable devices “only” affects devices with Android 4.3 and higher (corresponding to about 56.8%). According to thehackernews site, this third failure discovery now affects 55% of Android devices worldwide.
But how vulnerability?
The research was made by IBM researchers found that an application can escalate privileges, ie an application without privileges can “transform” a ‘super app’ and so help hackers to obtain information from our device. This vulnerability ( CVE-2015-3825) affects all devices with Android 4.3 or higher.
Failure is a Android platform component with the name OpenSSLX509Certificate that can be easily exploited by a malicious app.
In the following video the researchers show a proof of concept attack, using the Facebook app.
IBM notified that Google quickly released a security patch. However, there are indications that most of the infected equipment have not yet received. All information about this vulnerability can be read in the paper that was published:. Here
Source : thehackernews
No comments:
Post a Comment