Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Submission + - Android Master Key Bug Details Made Public (

msm1267 writes: The details of the Android vulnerability that enables an attacker to create a malicious update to an APK file without breaking its cryptographic signature have become public but it appears as though Google will have a patch ready for the flaw by the time it’s fully disclosed early next month.

The vulnerability involves the way that Android handles integrity checks on APK files and enables an attacker to create two versions of a given file with the same name, one that is benign and will pass the signature check and another that contains exploit code. The two files can be combined in one zip file in such a way that the benign one will be used when the device checks the signature on it and then the malicious one will be loaded onto the device.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Android Master Key Bug Details Made Public

Comments Filter:

Use the Force, Luke.