
The Hacker News - Cybersecurity News and Analysis: Android Kitkat

Android "Fake ID" Vulnerability Allows Malware to Impersonate Trusted Apps

July 30, 2014 | Swati Khandelwal
Because Android holds the majority of the mobile platform, Google's operating system has been a prime target for cybercriminals, and a recently exposed weakness in the way the operating system handles certificate validation has left millions of Android devices open to attack. Researchers at BlueBox Security, who identified the vulnerability, dubbed the flaw Fake ID. It affects all versions of the Android operating system from 2.1 (released in 2010) up to Android 4.4, also known as KitKat.

ALL VERSIONS ARE VULNERABLE UP TO KITKAT

Researchers marked the vulnerability as critical because it could allow a fake and malicious app to masquerade as a legitimate and trusted application, enabling an attacker to perform various actions such as inserting malicious code into a legitimate app, infiltrating your personal information or even taking complete control of an affected device. Specifically, devices running the 3LM administration extension are at risk for a complete compromise, whic

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

June 27, 2014 | Swati Khandelwal
A critical code-execution vulnerability affects almost everyone who is not running the most up-to-date version of Google Android, i.e. Android version 4.4, also known as KitKat. Nine months after disclosing the vulnerability to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices. "Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability in Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi