Get a Pentest and security assessment of your IT network.

News

Researchers find another Android attack that can get past signature checks

A second vulnerability that can be exploited to modify legitimate Android apps without breaking their digital signatures has been identified. The flaw is different from the so-called “masterkey” vulnerability announced last Wednesday. Android records the digital signature of an application when it is first installed and a sandbox is created for it. The new vulnerability allows attackers to inject code into files that exist in APKs, specifically in their headers, in a way that bypasses the signature verification process. Attackers can trick users into installing fake updates for their already installed applications that would get access to potentially sensitive data.”]

Source: https://www.csoonline.com/article/2133679/researchers-find-another-android-attack-that-can-get-past-signature-checks.html

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2