Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Android IBM Security

KeyStore Vulnerability Affects 86% of Android Devices 71

jones_supa (887896) writes "IBM security researchers have published an advisory about an Android vulnerability that may allow attackers to obtain highly sensitive credentials, such as cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. It is estimated that the flaw affects 86 percent of Android devices. Android KeyStore has a little bug where the encode_key() routine that is called by encode_key_for_uid() can overflow the filename text buffer, because bounds checking is absent. The advisory says that Google has patched only version 4.4 of Android. There are several technical hurdles an attacker must overcome to successfully perform a stack overflow on Android, as these systems are fortified with modern NX and ASLR protections. The vulnerability is still considered to be serious, as it resides in one of the most sensitive resources of the operating system."
This discussion has been archived. No new comments can be posted.

KeyStore Vulnerability Affects 86% of Android Devices

Comments Filter:

Related Links Top of the: day, week, month.

"Pok pok pok, P'kok!" -- Superchicken

Working...