Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

+ - Android Master Key Bug Details Made Public->

Submitted by msm1267
msm1267 (2804139) writes "The details of the Android vulnerability that enables an attacker to create a malicious update to an APK file without breaking its cryptographic signature have become public but it appears as though Google will have a patch ready for the flaw by the time it’s fully disclosed early next month.

The vulnerability involves the way that Android handles integrity checks on APK files and enables an attacker to create two versions of a given file with the same name, one that is benign and will pass the signature check and another that contains exploit code. The two files can be combined in one zip file in such a way that the benign one will be used when the device checks the signature on it and then the malicious one will be loaded onto the device."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Android Master Key Bug Details Made Public

Comments Filter:

"Any excuse will serve a tyrant." -- Aesop

Working...