More Android exploits

As I pointed out in a previous post, Android is, if used incorrectly, just as insecure as any normal PC. After writing that post, a few reports on exploitable vulnerabilites in Android has surfaced.

There seems to be a bug in the credentials manager, which can be exploited to install applications without the users approval:

http://news.cnet.com/8301-27080_3-20022545-245.html
http://www.swedroid.se/sakerhetshal-i-android-funnet-android-1-x-till-2-2-drabbat/ (In Swedish)
http://www.idg.se/2.1085/1.352716/android-drabbat-av-allvarlig-bugg/ (Also in Swedish)

There is also a vulnerability in the browser in most Android phones on the market today:

http://www.securecomputing.net.au/News/237976,android-exploit-code-published.aspx

In addition to this, on November 2, Coverity Inc., famous for its array of various code analysis software, published a report about a number of potential security issues in the Linux kernel used in Android:

http://www.coverity.com/html/press/coverity-scan-2010-report-reveals-high-risk-software-flaws-in-android.html

So, as already pointed out: Be careful about which applications you download and which web sites you visit with your Android phone (or any network capable device, for that matter)!

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>