Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory.
The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.
Read more…
Source: Microsoft
Related:
- Android spyware campaign spreads across the Middle East
June 27, 2019
A new campaign has been spotted making its way across the Middle East in an effort to steal device and communications data belonging to Android users. According to new research published by Kaspersky on Wednesday, the campaign — dubbed ViceLeaker — has been active since May 2018. “Dozens” of Android devices belonging to Israeli citizens were targeted in the ...
- Google deals Huawei major blow by cutting Android licence
May 20, 2019
Google is set to revoke Huawei’s access to its Android mobile operating system, dealing the Chinese company a major blow in accordance with US sanctions. Other than Apple devices which run on iOS, smartphones makers including Samsung and LG are almost all dependent on the Google-developed Android operating system to power their devices. According to reports by ...
- Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps
April 1, 2019
Google is reporting an uptick in efforts by bad actors to plant potentially harmful applications (PHAs) on Android devices via pre-installed apps and by bundling them with system updates delivered over the air. The technique is especially troubling, Google said, because PHAs are often malicious and users have no control over what comes pre-installed on their ...
- Android Phones Can Get Hacked Just by Looking at a PNG Image
February 6, 2019
Using an Android device? Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google’s mobile ...
- New Android Malware Apps Use Motion Sensor to Evade Detection
January 18, 2019
Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research ...
- Spyware Disguises as Android Applications on Google Play
January 3, 2019
Trend Micro discovered a spyware (detected as ANDROIDOS_MOBSTSPY) which disguised itself as legitimate Android applications to gather information from users. The applications were available for download on Google Play in 2018, with some recorded to have already been downloaded over 100,000 times by users from all over the world. One of the applications we initially investigated ...