Monday, July 22, 2013

In Google Play showed two applications using dangerous vulnerability Android - Vedomosti

In an online application store Google Play showed up two programs by themselves are harmless, but the use of potentially dangerous vulnerability of the operating system Android

senior analyst at antivirus company Bitdefender Bogdan Botezatu found on Google Play two games that use potentially dangerous vulnerability for Android, the most popular operating system for smartphones and tablets. The first game – Rose Wedding Cake Game – set up to 10,000 people, the second – Pirates Island Mahjong – up to 50 000.

cause for panic yet, Botezatu wrote in a blog: toys do not do anything dangerous. They contain two file formats PNG ( computer image format) with the same name, it is part of the interface of both games. When installing a certificate, the system checks the image, and second sets. Most likely, this is in error, according to Botezatu, but just as you can set the game to replace the well-known malicious application or program.

first about newly discovered vulnerability in the Android wrote in early July, Jeff Forristel, CTO Bluebox Security. « Hole” called Master Key ( «The Skeleton Key”), you can use it to run on a device running Android instead legal application, signed with a digital certificate known developer, malware without any certificate. Describe the vulnerability details Forristel promised to BlackHat hacker conference on August 1. But, do not wait for this, the problem described the developers of alternative Android-firmware CyanogenMod. Master Key is valid for devices running Android since version 1.6 ( four years ago).

Google has already released a patch for the program, Master Key, a representative of the anti-virus company knows « Doctor Web” Kirill Leonov, but this is not enough: you need to the same patches for specific phones and tablets and released their own producers. Meanwhile, manufacturers usually do not release an update for older models that were released a few years ago. Therefore, if the attackers take Master Key for service, they may suffer from a significant portion of users Android-backgrounds, warns Leonov.

No comments:

Post a Comment