all InfoSec news
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Malware Analysis, News and Indicators - Latest topics malware.news
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.
We identified several …
android android apps application applications apps arbitrary code arbitrary code execution attack code code execution directory enable files home implementation malicious malicious application microsoft path path traversal popular stream theft token token theft vulnerability vulnerable vulnerable application