Weakness in Android Update Service Puts All Devices at Risk for Privilege Escalation

Status
Not open for further replies.

Venustus

Level 59
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
shutterstock_177225866-680x400.jpg

The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks.

Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges.

More
 
  • Like
Reactions: Koroke San

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
No, because if your mighty ESET does not detect the malicious app, then basically you're unprotected from this threat.
An attacker could use a malicious application to exploit this situation to access data on the device such as user credentials, activity logs, SMS data. The researchers also said a successful attack could also give a hacker control of new signature and system permission, leading to a deeper level of trouble.
 

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
I'll not install any malicious app , will search on net about the app before i gonna install it plus gonna download app only from trusted source :)
 
  • Like
Reactions: Venustus
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top