From Help Net Security:
Flawed Android backup mechanism can lead to injected malicious apps
A flaw (CVE-2014-7952) in Android's backup/restore mechanism can be exploited by knowledgeable developers to "respawn" malicious apps on phones, and make them gain top-level access and potentially dangerous permissions that they didn't have before.
"Full backup of applications including the private files stored on /data partition is performed by default, but applications can customize this behavior by implementing a BackupAgent class," Search-Lab researchers explained.
The purpose of this blog is to help small-medium businesses (SMB's) deal effectively with their unique cyber security needs. With over 15 years experience in IT and cyber security I will show SMB's how they can leverage their limited resources to develop effective cyber defenses to the most common threats using information security best practices and no/low cost tools.
LinkedIn: http://www.linkedin.com/in/ecissorsky/
Twitter: @ecissorsky
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment