A proof-of-concept exploit for the “master key” vulnerability in Android has already been made public, so it could be only a matter of time until we see some Trojanized apps that leverage the flaw.
In the meantime, Bitdefender experts have spotted a couple of fairly popular applications on Google Play that exploit the vulnerability. The apps in question are Rose Wedding Cake Game and Pirates Island Mahjong Free, both updated in mid-May.
However, in this case, the bug is not leveraged for malicious purposes.
“The applications contain two duplicate PNG files which are part of the game’s interface. This means that the applications are not running malicious code – they are merely exposing the Android bug to overwrite an image file in the package, most likely by mistake,” Bitdefender’s Bogdan Botezatu explained.
“In contrast, malicious exploitation of this flaw focuses on replacing application code,” he noted.
SOURCE: news.softpedia.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…