“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps


Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory.

The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.

Read more…
Source: Microsoft


Sign up for our Newsletter


Related:

  • Spyware vendor targets users in Italy and Kazakhstan

    June 23, 2022

    Google has been tracking the activities of commercial spyware vendors for years, and taking steps to protect people. Just last week, Google testified at the EU Parliamentary hearing on “Big Tech and Spyware” about the work we have done to monitor and disrupt this thriving industry. Seven of the nine zero-day vulnerabilities our Threat Analysis Group ...

  • New Android malware bypasses multi-factor authentication to steal your passwords

    June 16, 2022

    A newly discovered form of Android malware steals passwords, bank details and cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. The malware has been detailed by cybersecurity researchers at F5 Labs, who’ve dubbed it MaliBot. It’s the latest in a string of powerful malware targeting Android users. In addition to remotely ...

  • Android patches incoming for NAS-ty memory overwrite flaw

    June 3, 2022

    A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people’s communications and deny services. The vulnerability in the baseband – or radio modem – of UNISOC’s chipset was found by folks at Check Point Research who were looking for ways the ...

  • WinDealer dealing on the side

    June 2, 2022

    LuoYu is a lesser-known threat actor that has been active since 2008. It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. In their initial disclosures on this threat actor, TeamT5 identified three malware ...

  • New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps

    May 26, 2022

    The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. The goal of the trojan is to send stolen login credentials to threat actors, who then use them to take control of other ...

  • Protecting Android users from 0-Day attacks

    May 19, 2022

    To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks. This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021, ...