Atomars
Active+ Member
- Messages
- 3,287
- Joined
- May 5, 2011
- Messages
- 3,287
- Reaction score
- 105
- Points
- 33
A newly uncovered security hole in Android OS could leave as many as 99 percent devices vulnerable.
According to Bluebox Security, there is a security flaw that has existed in Android since version 1.6, Donut.
They said, the security flaw allows app developers to modify the code of legitimate APK files without breaking the cryptographic signature.
This means that the files could still be loaded as coming from a trusted source.
However, the malicious parties would need to trick someone into installing the software, and they could potentially masquerade as an update from the manufacturer.
Luckily they wouldn’t be able to push these out over the air (OTA), so that delivery method should still be considered to be safe.
Bluebox CTO Jeff Forristal says that it notified Google as early as this past February regarding the security hole, but he said that only one phone has thus far patched the issue, that is the Samsung Galaxy S4.
It is unknown when any other security patches will roll out to fix the other Android devices in circulation, so the best bet is to make sure that you only download software from the most trusted sources such as the Google Play store or updates via OTA from your phone’s manufacturer.
