Google has released a patch for vulnerabilities in Android

    The vulnerability previously mentioned on Habr in Android, which "... allows attackers to turn any application into a trojan, " was fixed and the patch was transferred to the manufacturers.

    The vulnerability discovered by the Bluebox Labs team was that a hacker could modify the application’s APK file without changing the corresponding cryptographic signature. It has been argued that more than 900 million devices running various versions of Android are potentially affected, starting with 1.6.

    Android Team Public Relations Manager Gina Scigliano) told ZDNet observers that her company was not going to make an official statement about the problems in Android, but simply confirmed that the corresponding patch had already been sent to OEMs (Samsung, in particular), which were already using it on the end devices.

    Gina also expectedly reported that there was nothing to worry about:
    We have no evidence that anyone has exploited the vulnerability in Google Play or other app stores. Google Play is scanned for problems, the Verify Apps mechanism provides protection to Android users who download the application bypassing the official store.

    Original
    We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue - and Verify Apps provides protection for Android users who download apps to their devices outside of Play.


    [ Source ]

    Also popular now: