Three New Android Vulnerabilities Released

Smartphone security has become a popular topic amongst security researchers, with three new vulnerabilities released in the last two weeks alone. Speakers at BlackHat Abu Dhabi, HouSecCon, and Intel’s Annual Security Conference have released new vulnerabilities in Android that allow attackers to execute arbitrary code or install apps without user intervention.

Last week, Alert Logic released exploit code that targets the browser in Android smartphones running 2.1 or earlier. This vulnerability is fixed in the latest version of Android (Froyo); however, there are many devices still running earlier versions of Android that could be affected.

Just like vulnerable PC web browsers, a vulnerable smartphone just needs to visit a website infected with malicious code to be exploited. Net: if you are running 2.1 on your Android, be very careful what sites you visit. To tell if you are running 2.1 on your phone, navigate to Settings –> About Phone. Scroll down to Android Version, if it says 2.1 your phone is vulnerable.

This week, security researchers Jon Oberheide and Zach Lanier demonstrated a flaw whereby a malicious application that requests a few critical permissions can then install other applications without user intervention. Continue reading ….

Related Posts

ZShaolin keeps getting better. Now has vim, nmap, git, rsync, and ssh Remember ZShaolin? Yep, it's that Android ninja tool that gives you zsh and a whole bunch of command-line applications on your Android device, minus t...
Ready for a digital world where the OS is the browser? I believe it was Scott McNealy, the former CEO and co-founder of the now defunct Sun Microsystems, Inc. who first tried to sell us on the idea of Clou...
Yoga tablet is Android-powered and delivers up to 18 hours of juice The Yoga tablet computer is the latest Android-powered tablet from Lenovo. The holiday shopping season is right around the corner, so we can expect mo...
Green500 List top 10 are all powered by NVIDIA Tesla GPUs and Linux The November 2013 edition of the Green500 List has be released, just two days after the TOP500 List. Unlike the TOP500 List, which lists 500 of th...
Updated Software Uses Combination Testing to Catch Bugs Fast and Easy Researchers at the National Institute of Standards and Technology (NIST) have released an updated version of a computer system testing tool that can c...
No, availability is not security! Security is a very important factor in my choice of distributions and software solutions, and I tend to hold a very strict view of what it means from ...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


One Comment

  1. Pingback: Tweets that mention Three New Android Vulnerabilities Released — LinuxBSDos.com -- Topsy.com

Leave a Comment

Your email address will not be published. Required fields are marked *

*