Google has released a fix in response to Bluebox Security’s claim to have found a vulnerability in the security model of Android. One that could enable attackers to transform 99% of all apps into Trojan malware. Google stated that the security hole has been patched, and the said patch has been released to the OEM (Original Equipment Manufacturers).
CTO of Bluebox Security, Jeff Forristal had stated that the security hole has been around at least since the time of the release of Android 1.6. He then states that the security exploit could affect all Android phones released in the past 4 years. It also means that, approximately 900 million devices could have been affected if the security hole was used by the attackers.
The vulnerability exists in the process of verification and installation of Android apps. Each one of the Android apps has a cryptographic signature that’s used to make sure that the contents of an app don’t get tampered with. On the contrary, the security hole supposedly enables the attackers to modify the content of the apps keeping the secure signature intact. Communication manager of Google, Gina Scigliano, stated that there isn’t any official statement from Google in this regard.
With Google patching the exploit, now we’ll have to wait for the manufactures to add the security patch to upcoming updates. Therefore, Android users will have to wait for their respective vendors to receive the update. According to the media communications manager, the users don’t need to worry much as there has been no incidence of exploitation of the security hole.
This exploit is nothing new, but the fact that it’s finally been patched is good news. Continue using safe methods by only installing apps from the Play Store, and you won’t have a problem.
VIA: ZDNET
What about the Nexus line of products?
This is how lucky patcher app works 😉
Lucky Patcher is a great tool for all root users and soon a new one is coming which will allow users to install w/o root.. don’t know what more to say… I feel sorry for facebook and… anyways