Saturday, June 28, 2014

Android 4.4 is PATCHED but earlier versions still vulnerable

IBM researchers have discovered a critical security vulnerability in Android 4.3 (Jelly Bean) and below which could allow attackers to exfiltrate sensitive information - credentials, private keys - from vulnerable devices. The vulnerability is found in Android's secure storage service KeyStore, and can be misused to cause a stack-based buffer overflow, which would then allow malicious code to be executed under the keystore process. The vulnerability was discovered last September, and immediately disclosed to the Android Security Team. A patch for the flaw was included in the new Android version (4.4 - KitKat) a few months later <more>

No comments: