Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Android Bug Cellphones Handhelds Security

Drive-by Android Malware Exploits Unpatchable Vulnerability 120

Posted by timothy from the bad-people-are-out-there dept.
An anonymous reader writes "Attackers have crafted the E-Z-2-Use malware code that exploits a 14-month-old vulnerability in Android devices. The vulnerability exists in the WebView interface a malicious website can utilize it to gain a remote shell into the system with the permissions of the hijacked application. Vulnerable devices are any device that is running a version earlier than 4.2 (in which the vulnerability was patched) which is a staggeringly large amount of the market. The vulnerability is in Android itself rather than the proprietary GMS application platform that sits atop the base operating system so it is not easily patched by Google."
This discussion has been archived. No new comments can be posted.

Drive-by Android Malware Exploits Unpatchable Vulnerability More

Drive-by Android Malware Exploits Unpatchable Vulnerability

Comments Filter:

  • Fragmentation not an issue eh? (Score:5, Interesting)

    by Anonymous Coward on Thursday February 20, 2014 @06:58PM (#46299841)

    Some carriers still sell android 2.x devices. If you don't buy a mainstream/high end device your phone will likely never see a patch, ever.

    Not saying my iphone is invulnerable, but my almost 4 year old iphone4 still gets patches. So does my 5s, and I expect it will 3-4 years from now.

    And no, normal users can't and don't install Cyanogen. Sorry.

  • Re:errr that's Unpatched not Unpatchable (Score:5, Interesting)

    by Penguinisto ( 415985 ) on Thursday February 20, 2014 @07:12PM (#46299959) Journal

    it was fixed in v 4.2 so it is patchable
    QED

    Not exactly QED: Most Android phones are unpatchable due to the carrier not giving a damn (for various reasons), the phone hardware being too old (or too low-end), and/or the manufactuer not giving a damn (they'd prefer you buy a new phone from them instead). There are of course jailbreaks, if your carrier doesn't cut you off for using it, and if there's one that works on your phone, and if you have the technical 'oomph to install it without bricking the thing.

    To put it bluntly? Unless you paid at least $300 for your Android smartphone and it's less than 3 years old (if you're lucky), you're pretty much screwed.

    (Before anyone gets butthurt about it, no, I don't own an iPhone. I have a cheap Android device, but as I bought it recently, it has 4.2 on it.)

  • Re:Fragmentation not an issue eh? (Score:5, Interesting)

    by Penguinisto ( 415985 ) on Thursday February 20, 2014 @07:29PM (#46300087) Journal

    This will perhaps finally break Android's staggering left-behind numbers, once someone writes malware to abuse such an unpatched issue in a way that effects people in a serious way (not just people installing illegal or otherwise wildly non-mainstream apps).

    No, it will more likely drive the average consumer to buying iPhones (if they have the money) or WinMo devices (if they don't.)

    You see, people aren't all that technically in-depth, and so they're not going to (rightly) blame the manufacturers or carriers for blocking patches/upgrade - they'll blame "Android", and avoid it like the plague, even if the newer versions are fully patched against it.

Slashdot Top Deals

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Close