
KeyStore Vulnerability Affects 86% of Android Devices

Submitted by jones_supa
jones_supa (887896) writes "IBM security researchers have published an advisory about an Android vulnerability that may allow attackers to obtain highly sensitive credentials, such as cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. It is estimated that the flaw affects 86 percent of Android devices. Android KeyStore has a little bug where the encode_key() routine that is called by encode_key_for_uid() can overflow the filename text buffer, because bounds checking is absent. The advisory says that Google has patched only version 4.4 of Android. There are several technical hurdles an attacker must overcome to successfully perform a stack overflow on Android, as these systems are fortified with modern NX and ASLR protections. The vulnerability is still considered to be serious, as it resides in one of the most sensitive resources of the operating system."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
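
A bounds-checked form of the kind of routine the summary describes, as an added example that is not Android's KeyStore source or code from the advisory. The function names, the 256-byte buffer and the two-character expansion scheme are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode in[0..in_len) into out without writing more than out_size bytes,
 * terminator included. Returns the encoded length, or -1 if it cannot fit. */
static int encode_key_bounded(char *out, size_t out_size,
                              const uint8_t *in, size_t in_len)
{
    size_t used = 0;
    if (out_size == 0) return -1;
    for (size_t i = 0; i < in_len; i++) {
        /* Assumed scheme: bytes outside '0'..'~' expand to two characters. */
        size_t need = (in[i] < '0' || in[i] > '~') ? 2 : 1;
        if (need > out_size - 1 - used)   /* check before every write */
            return -1;
        if (need == 2) {
            out[used++] = (char)('+' + (in[i] >> 6));
            out[used++] = (char)('0' + (in[i] & 0x3F));
        } else {
            out[used++] = (char)in[i];
        }
    }
    out[used] = '\0';
    return (int)used;
}

/* Build "<uid>_<encoded name>" in a caller-supplied fixed-size buffer. */
static int build_key_filename(char *filename, size_t size,
                              unsigned uid, const char *key_name)
{
    int n = snprintf(filename, size, "%u_", uid);
    if (n < 0 || (size_t)n >= size)
        return -1;
    if (encode_key_bounded(filename + n, size - (size_t)n,
                           (const uint8_t *)key_name, strlen(key_name)) < 0) {
        filename[0] = '\0';   /* never leave a truncated name behind */
        return -1;
    }
    return (int)strlen(filename);
}

int main(void)
{
    char name[256];   /* assumed filename buffer size */
    int len = build_key_filename(name, sizeof name, 10001, "vpn key");
    printf("%d %s\n", len, name);
    return 0;
}
```

Because the encoding can double the input length, the check has to happen per output byte against the space actually left, not once against the input length.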
