The Android Bug 8219321

Posted by muamar Rabu, 10 Juli 2013 0 komentar
There's a lot of talk about an Android security bug that affects almost all the Android devices. Jeff Forristal from Bluebox Security reported that "the vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature. Details of Android security bug 8219321 were responsibly disclosed through Bluebox Security's close relationship with Google in February 2013."

So the bug could allow someone to create a modified version of an system app and trick other people to install it. The modified version could include malicious code.

Actually, the bug is simple: APK files are ZIP archives and Android allows APK files to include files with the same name. "It's a problem in the way Android handles APKs that have duplicate file names inside," says Pau Oliva Fora, security engineer at security firm ViaForensics. "The entry which is verified for signature is the second one inside the APK, and the entry which ends up being installed is the first one inside the APK - the injected one that can contain the malicious payload and is not checked for signature at all."

The problem is that Android supported duplicate file names in APKs and the patch removed this support. The patch is extremely simple: return an error if the APK file has duplicate file names.


Apparently, Geremy Condra from Google wrote a patch in February. "Google made changes to Google Play in order to detect apps modified in this way and a patch has already been shared with device manufacturers," informs ComputerWorld. CyanogenMod included the bug fix in the latest release, faster than OEMs and even Google, which didn't update Nexus devices to address this issue.

The bug #8219321 is now a test that will show us how fast Google, OEMs and carriers can deploy security patches. For now, CyanogenMod is the place to go to get the latest features and security patches.
TERIMA KASIH ATAS KUNJUNGAN SAUDARA
Judul: The Android Bug 8219321
Ditulis oleh muamar
Rating Blog 5 dari 5
Semoga artikel ini bermanfaat bagi saudara. Jika ingin mengutip, baik itu sebagian atau keseluruhan dari isi artikel ini harap menyertakan link dofollow ke http://androidkindle.blogspot.com/2013/07/the-android-bug-8219321.html. Terima kasih sudah singgah membaca artikel ini.

0 komentar:

Posting Komentar

Trik SEO Terbaru support Online Shop Baju Wanita - Original design by Bamz | Copyright of android kindle.