Tuesday, July 14, 2015

Flawed Android backup mechanism can lead to injected malicious apps

From Help Net Security:


A flaw (CVE-2014-7952) in Android's backup/restore mechanism can be exploited by knowledgeable developers to "respawn" malicious apps on phones, and make them gain top-level access and potentially dangerous permissions that they didn't have before.

"Full backup of applications including the private files stored on /data partition is performed by default, but applications can customize this behavior by implementing a BackupAgent class," Search-Lab researchers explained.
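A defender-side check for the default the researchers describe, as an added example (not code from the original post, Help Net Security, or Search-Lab): it reads a decoded AndroidManifest.xml and reports whether the app is left in default full backup, opts out with `android:allowBackup="false"`, or names its own agent with `android:backupAgent`. The sample manifests, package names and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by android:* attributes in a decoded AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def backup_posture(manifest_xml):
    """Classify how an app participates in Android backup/restore."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    raw = app.get(ANDROID_NS + "allowBackup")
    agent = app.get(ANDROID_NS + "backupAgent")
    if raw is None:
        allowed = True   # attribute absent: the platform default is true
    elif raw.strip().lower() in ("true", "false"):
        allowed = raw.strip().lower() == "true"
    else:
        allowed = None   # e.g. an "@bool/..." resource reference, not resolvable here
    if allowed is None:
        finding = "unresolved"
    elif not allowed:
        finding = "backup-disabled"
    elif agent:
        finding = "custom-agent"
    else:
        finding = "default-full-backup"
    return {"package": root.get("package"), "explicit": raw is not None,
            "backup_agent": agent, "finding": finding}

# Constructed sample manifests (hypothetical package names).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SAMPLES = {
    "implicit": _HEAD % "com.example.notes" + "<application/></manifest>",
    "disabled": _HEAD % "com.example.bank"
                + '<application android:allowBackup="false"/></manifest>',
    "agent": _HEAD % "com.example.chat"
             + '<application android:allowBackup="true" android:backupAgent=".MyAgent"/></manifest>',
    "resource": _HEAD % "com.example.game"
                + '<application android:allowBackup="@bool/backup"/></manifest>',
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, backup_posture(xml))
```

Apps reported as `default-full-backup` with `explicit` set to false are the ones relying on the implicit default rather than a deliberate choice.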
