As we all know, a few days ago an exploit was found in Android that affected most Android devices. Now the latest exploit has been found by an Anon researcher. It affects roughly 55%+ of Android devices. Read more here:
Researchers have now warned of another critical security hole in Google’s Android mobile operating system platform that impacts over 55 percent of all Android users.
Security researchers at IBM have discovered a new privilege escalation vulnerability in the Android platform that could allow “a malicious app with no privileges the ability to become a ‘super app’ and help the cybercriminals own the device.”
The flaw, dubbed the Android serialization vulnerability and assigned CVE-2015-3825, affects Android versions 4.3 and above, including the latest build of Android M.
The vulnerability resides in a component of Android’s platform called OpenSSLX509Certificate, which can be exploited by an Android app to compromise the system_server process and gain powerful system-level access on the Android device.
In a video, the researchers showed a proof-of-concept attack, demonstrating how they were able to exploit the flaw using a malicious app to replace the real Facebook app and steal social networking login credentials.
Once the user runs that app, which has no apparent special privileges, it downloads additional code, loaded with an exploit that escalates permissions using the vulnerability, to overwrite the existing app.
I found that video here:
https://www.youtube.com/watch?v=VekzwVdwqIY