Blog | G5 Cyber Security

Researchers find another Android attack that can get past signature checks

A second vulnerability that can be exploited to modify legitimate Android apps without breaking their digital signatures has been identified. The flaw is different from the so-called “masterkey” vulnerability announced last Wednesday. Android records the digital signature of an application when it is first installed and a sandbox is created for it. The new vulnerability allows attackers to inject code into files that exist in APKs, specifically in their headers, in a way that bypasses the signature verification process. Attackers can trick users into installing fake updates for their already installed applications that would get access to potentially sensitive data.”]

Source: https://www.csoonline.com/article/2133679/researchers-find-another-android-attack-that-can-get-past-signature-checks.html

Exit mobile version