Security firm TrendMicro has released a new report that states that 75% of users are vulnerable to multiple attacks.
This is a widespread vulnerability dating back to the January 2010 release of Android 2.1 and affecting all devices that are not patched for Google bug 13678484, disclosed to Google and released for patching in April 2014. All devices prior to Android 4.4 (“KitKat”) are vulnerable to the Adobe System webview plugin privilege escalation, which allows a malicious application to inject Trojan horse code (in the form of a webview plugin) into other apps, which leads to taking control of the entire app, all of the apps’s data, and being able to do anything the app is allowed to do. Android 4.4 is vulnerable to Fake ID, but not specifically to the Adobe System webview plugin due to a change in the webview component (the switch from webkit to Chromium moved away from the vulnerable Adobe-centric plugin code). — BlueBox Labs Blog
The Android Browser flaws discussed in the report surround the default Android browser’s enforcement of Same Origin Policy. This flaw allows malicious apps to access sites that the user might have private data on and then execute JavaScript functions against that site without the user’s knowledge.
A SOP bypass occurs when a sitea.com is some how able to access the properties of siteb.com such as cookies, location, response etc. Due to the nature of the issue and potential impact, browsers have very strict model pertaining it and a SOP bypass is rarely found in modern browsers. However, they are found once in a while. — Rafay Baloch’s Blog
An additional vulnerability with a more limited scope of affected users was also referenced in the report. This vulnerability allows apps that use the in-app payment SDK to get their request hijacked by malicious applications.
There appears to be a flaw in the communication between the mobile payment application and the payment client applications. The mobile payment apps used an implicit intent, which can be intercepted by a malicious app via a high priority intent filter. An intent filter can be made “high priority” by combining several system APIs. — TrendLabs Blog
While Google moves promptly to address these vulnerabilities, perhaps the biggest cause for alarm is the time it takes to get issues updated caused by the fragmentation of the Android Device landscape.
As of May 1, only 2.3% of Android devices in use are actually on the latest version, with more than a third still using Gingerbread – a version last updated in September 2011, and known to have 3-11 vulnerabilities, with the exact number depending on the specific version. — TrendLabs Blog
While the news is certainly bleak the report does end the section on mobile security with several examples of overall improvement in vulnerability response and manufacturer’s ability to deal with the issues as they arise.
The mobile industry may not be mature enough yet but there is progress. I have seen some app builders setting up response processes and teams. Google has made enhancements in releasing patches and hotfixes to help Android users get updates. Some mobile manufacturers are reacting faster than before in releasing OS-related patches.
Cloud management is difficult to do manually, especially if you work with multiple cloud…
Azure’s scalable infrastructure is often cited as one of the primary reasons why it's the…
https://www.youtube.com/watch?v=wDzCN0d8SeA Watch our "Unlocking the Power of AI in your Software Development Life Cycle (SDLC)"…
FinOps is a strategic approach to managing cloud costs. It combines financial management best practices…
Using Kubernetes with Azure combines the power of Kubernetes container orchestration and the cloud capabilities…
In the intricate landscape of modern business, compliance is both a cornerstone of operational integrity…