Android Vulnerable To Drive-By Attack

Published: 22/11/2024   Category: security




Security researcher details code to remotely exploit the browser in Android OS 2.1 or earlier.



Some versions of the Android operating system -- though not the current one, version 2.2 -- are vulnerable to being remotely exploited.
That warning comes by way of a presentation, "Better Watch Your Apps," made Thursday by security researcher MJ Keith at the National Information Security Group (NAISG) HouSecCon conference in Houston. Keith, who works for log management, intrusion detection, and cloud security vendor Alert Logic, also released a YouTube video to demonstrate how his Android browser shell remote script could be used to run command-line code via a drive-by attack -- that is, after a user visited a malicious website.
On Friday, details of the Android 2.0-2.1 Reverse Shell Exploit vulnerability submitted by Keith also appeared on Exploit Database.
If successfully exploited, the vulnerability could give an attacker control of the Android browser. Due to sandboxing in the Android operating system, however, an attacker would only have access to what the Android browser can access.
The vulnerability stems from WebKit, the open-source rendering engine used in the Android -- as well as iPhone -- browsers. On a related note, a recent study from Cenzic found that the sharp rise in vulnerabilities affecting Apple Safari and Google Chrome could be traced to WebKit bugs.
The WebKit vulnerability exploited by Keith had been previously disclosed for Apple Safari, but not tied to Android.
Google acknowledged the vulnerability. "We're aware of an issue in WebKit that could potentially impact only old versions of the Android browser," said a Google spokesperson via email. "The issue does not affect Android 2.2 or later versions."
According to Google, as of Monday, about 36% of all Android devices were running version 2.2 of the operating system, while 41% were running version 2.1.
