An Interest In:
Web News this Week
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
Some of Our Sources
- Slashdot
- Engadget
- Mashable
- Techcrunch
- The Logo Smith
- Smashing Apps
- Fuel Your Creativity
- Naldz Graphics
- Crazy Leaf Design
- The Verge
Help Webnuz
Referal links:
April 25, 2016 06:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jBda2px-Awc/active-drive-by-exploits-critical-android-bugs-care-of-hacking-team
Active Drive-By Exploits Critical Android Bugs, Care Of Hacking Team
Dan Goodin, reporting for Ars Technica: An ongoing drive-by attack is forcing ransomware onto Android smartphones by exploiting critical vulnerabilities in older versions of Google's mobile operating system still in use by millions of people, according to research scheduled to be published Monday. The attack combines exploits for at least two critical vulnerabilities contained in Android versions 4.0 through 4.3, including an exploit known as Towelroot, which gives attackers unfettered "root" access to vulnerable phones. The exploit code appears to borrow heavily from, if not copy outright, some of these Android attack scripts, which leaked to the world following the embarrassing breach of Italy-based Hacking Team in July. Additional data indicates devices running Android 4.4 may also be infected, possibly by exploiting a different set of vulnerabilities.Blue Coat, a California-based provider of security and networking solutions writes: This is the first time, to my knowledge; an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim. During the attack, the device did not display the normal "application permissions" dialog box that typically precedes installation of an Android application. After consulting with analyst Joshua Drake of Zimperium, he was able to confirm that the Javascript used to initiate the attack contains an exploit against libxslt that was leaked during the Hacking Team breach. Drake also confirmed that the payload of that exploit, a Linux ELF executable named module.so, contains the code for the "futex" or "Towelroot" exploit that was first disclosed at the end of 2014.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jBda2px-Awc/active-drive-by-exploits-critical-android-bugs-care-of-hacking-team
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot