
Dangerous vulnerability found in Android

Palo Alto Networks has reported the discovery of a dangerous vulnerability in the application installer component (PackageInstaller) of Android versions <5. The vulnerability is similar to the Masque vulnerability for iOS, which we wrote about here, and allows one application to be installed on top of another, with the new application gaining access to all the data of the previous one. This applies to installing applications from a third-party application store rather than from Google Play, because only in this scenario can attackers take advantage of the vulnerability.



According to Palo Alto Networks' estimates, the vulnerability affects 49.5% of all devices running Android. The exploit itself was successfully tested on the following versions of Android: 2.3, 4.0.3-4.0.4, 4.1.x, and 4.2.x. Some firmware builds based on Android 4.3 are also vulnerable. In Android 4.4, the vulnerability has already been fixed.
In the above versions of Android, the PackageInstaller component contains a time-of-check to time-of-use (TOCTOU) vulnerability. Put simply, the vulnerability allows one .APK file to be overwritten with another during installation of the application, or more precisely, while the user is reviewing the access rights requested by the application (the PackageInstallerActivity screen). Attackers can exploit the vulnerability only if the user uses a third-party application store, because in that case .APK files are downloaded not to a protected location in the file system (protected storage), as with Google Play, but to another location (for example, /sdcard/).
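The check-then-use gap described above, as an added example (not code from Palo Alto Networks or from Android): a constructed Python model in which a text file stands in for the .APK and a callback stands in for the permission review screen. It contrasts an installer that re-reads a shared path with one way to close the gap, reviewing and installing from a private, hash-pinned copy; all function names and file contents are hypothetical.

```python
import hashlib, os, shutil, tempfile

def read_package(path):
    # Stand-in for parsing an .APK: the constructed "package" is plain text.
    with open(path, "rb") as f:
        return f.read()

def install_unsafe(path, user_reviews):
    """Check and use both go through the same shared, writable path."""
    reviewed = read_package(path)       # time of check
    user_reviews(reviewed)              # file can change while the user reads
    return read_package(path)           # time of use: re-reads the path

def install_staged(path, user_reviews):
    """Check and use share one private copy pinned by SHA-256."""
    stage = tempfile.mkdtemp()          # mode 0700 on POSIX, installer-only
    try:
        staged = os.path.join(stage, "pkg")
        shutil.copyfile(path, staged)   # from here on the shared path is ignored
        reviewed = read_package(staged)
        digest = hashlib.sha256(reviewed).hexdigest()
        user_reviews(reviewed)
        final = read_package(staged)
        if hashlib.sha256(final).hexdigest() != digest:
            raise RuntimeError("package changed after review")
        return final
    finally:
        shutil.rmtree(stage)

def demo():
    shared = tempfile.mkdtemp()         # plays the role of /sdcard/
    path = os.path.join(shared, "app.apk")
    results = {}
    for name, installer in (("unsafe", install_unsafe), ("staged", install_staged)):
        with open(path, "wb") as f:     # constructed sample package
            f.write(b"package=flashlight perms=CAMERA")
        def swap_during_review(_shown):
            with open(path, "wb") as f: # another process rewrites the shared file
                f.write(b"package=other perms=READ_SMS")
        results[name] = installer(path, swap_during_review)
    shutil.rmtree(shared)
    return results

if __name__ == "__main__":
    print(demo())
```

The unsafe installer ends up with content the user never reviewed, while the staged installer installs exactly the bytes that were shown on the review screen.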

A special scanner has been placed on Google Play to detect this vulnerability on the device.

Source: https://habr.com/ru/post/254061/

