Some of Our Sources
- Engadget
- TutsPlus - Code
- Pearsonified
- Abduzeedo
- Creative Curio
- Noupe
- My Ink Blog
- Stylized Web
- CSS Tricks
- Dev To
Help Webnuz
Referal links:
August 11, 2015 02:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gENzwsob074/severe-deserialization-vulnerabilities-found-in-android-3rd-party-android-sdks
Severe Deserialization Vulnerabilities Found In Android, 3rd Party Android SDKs
An anonymous reader writes: Closely behind the discoveries of the Stagefright flaw, the hole in Android's mediaserver service that can put devices into a coma, and the Certifi-gate bug, comes that of an Android serialization vulnerability that affects Android versions 4.3 to 5.1 (i.e. over 55 percent of all Android phones). The bug (CVE-2015-3825), discovered by IBM's X-Force Application Security Research Team in the OpenSSLX509Certificate class in the Android platform, can be used to turn malicious apps with no privileges into "super" apps that will allow cyber attackers to thoroughly "own" the victim's device. In-depth technical details about the vulnerabilities are available in this paper the researchers are set to present at USENIX WOOT '15.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gENzwsob074/severe-deserialization-vulnerabilities-found-in-android-3rd-party-android-sdks
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot