- Apr 21, 2016
- 3,430
A security flaw in Android allows malicious apps to bypass permission checks and thus obtain access to read more information they were supposed to, including details that could allow malware to track device location.
Discovered by Nightwatch Cybersecurity, the vulnerability affects all versions of Android except for the recently-released Pie. The security hole is detailed in CVE-2018-9489 and is unlikely to get any fix, according to the advisory.
“The vendor fixed these issues in Android P / 9. Because this would be a breaking API change, the vendor does not plan to fix prior versions of Android. Users are encouraged to upgrade to Android P / 9 or later,” Nightwatch Cybersecurity notes.
As to how the vulnerability can be exploited, the research indicates that malicious apps can listen to system broadcasts in order to bypass permission checks and get access to specific device information.
Read more: Android Security Flaw Lets Malware Bypass Permission Check, Read Device Info
Discovered by Nightwatch Cybersecurity, the vulnerability affects all versions of Android except for the recently-released Pie. The security hole is detailed in CVE-2018-9489 and is unlikely to get any fix, according to the advisory.
“The vendor fixed these issues in Android P / 9. Because this would be a breaking API change, the vendor does not plan to fix prior versions of Android. Users are encouraged to upgrade to Android P / 9 or later,” Nightwatch Cybersecurity notes.
As to how the vulnerability can be exploited, the research indicates that malicious apps can listen to system broadcasts in order to bypass permission checks and get access to specific device information.
Read more: Android Security Flaw Lets Malware Bypass Permission Check, Read Device Info
Last edited by a moderator: