Earlier this week members of Google’s Project Team held a competition, it was Americans vs. Europeans, and the objective was to discover security flaws in the Galaxy S6 edge. In just one week they were able to discover 11 “high-impact security issues,” while some of them have been fixed by Samsung others still remain unpatched.
An “easy-to-exploit” bug was discovered in the Samsung Email app by British researcher James Forshaw, it highlighted the lack of authentication in an intent handler, intents are what Android apps use to basically tell other apps their intent to perform an action. Forshaw discovered that a small app with malware baked right in could send a series of intents to the Email app making it forward messages to another account. It’s what’s considered a “noisy attack,” because messages would be displayed in the sent folder, but the fact is that it shouldn’t be that easy for an unprivileged app to access that data. Five memory corruption vulnerabilities were discovered by Natalie Silvanovich, a member of the Project Zero team, with two of them being triggered when an image is opened in Samsung Gallery. A JavaScript vulnerability was also discovered in the Email app, wide-reaching applications of such exploits can prove to be dangerous.
Samsung fixed most of the flaws that were discovered during this competition last month, it’s expected that the company will address the memory vulnerabilities discovered by Silvanovich and the JavaScript issue later this month via a software update.
from SamMobile http://ift.tt/1NasE6Q
via IFTTT
ليست هناك تعليقات:
إرسال تعليق