Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - Android Update Enables Malicious Updates to Bypass Digital Signatures-> 1

Submitted by msm1267
msm1267 (2804139) writes "A vulnerability exists in the Android code base that would allow a hacker to modify a legitimate, digitally signed Android application package file (APK) and not break the app’s cryptographic signature—an action that would normally set off a red flag that something is amiss.

Researchers at startup Bluebox Security will disclose details on the vulnerability at the upcoming Black Hat Briefings in Las Vegas on Aug. 1. In the meantime, some handset vendors have patched the issue; Google will soon release a patch to the Android Open Source Project (AOSP), Bluebox chief technology officer Jeff Forristal said.

The vulnerability, Bluebox said, affects multiple generations of Android devices since 1.6, the Donut version, which is about four years old. Nearly 900 million devices are potentially affected."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Android Update Enables Malicious Updates to Bypass Digital Signatures

Comments Filter:

"One Architecture, One OS" also translates as "One Egg, One Basket".

Working...