f*****e 发帖数: 5177 | 1 http://techcrunch.com/2013/07/04/android-security-hole/
Mobile security startup Bluebox Security has unearthed a vulnerability in
Android’s security model which it says means that the nearly 900 million
Android phones released in the past four years could be exploited, or some
99% of Android devices. The vulnerability has apparently been around since
Android v1.6 (Donut), and was disclosed by the firm to Google back in
February. The Samsung Galaxy S4 has already apparently been patched.
It’s likely that Google is working on a patch for the vulnerability. We’ve
reached out to the company for comment and will update this story with any
response.
Bluebox intends to detail the flaw at the Black Hat USA conference at the
end of this month but in the meanwhile it’s written a blog delving into
some detail. The vulnerability apparently allows a hacker to turn a
legitimate app into a malicious Trojan by modifying APK code without
breaking the app’s cryptographic signature. Bluebox says the flaw exploits
discrepancies in how Android apps are cryptographically verified and
installed. Specifically it allows a hacker to change an app’s code, leaving
its cryptographic signature unchanged — thereby tricking Android into
believing the app itself is unchanged, and allowing the hacker to wreak
their merry havoc. | A******D 发帖数: 2844 | | k***e 发帖数: 7933 | 3 比较难,很多人就是google一下,下载安装
【在 A******D 的大作中提到】 : 不装来路不明的apk不就行了
|
|