“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps | allinfosecnews.com

May 2, 2024, 7:01 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.

We identified several …

android android apps application applications apps arbitrary code arbitrary code execution attack code code execution directory enable files home implementation malicious malicious application microsoft path path traversal popular stream theft token token theft vulnerability vulnerable vulnerable application

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Unpacking XDR: Coverage, stitching, accregation — and the GenAI wildcard an hour ago | malware.news

article genai link media +7

The enterprise browser: The first win-win-win for CISOs, CIOs and end users an hour ago | malware.news

article browser browsers cisos +11

One big problem SOC teams can actually solve with AI an hour ago | malware.news

article big can intezer +8

SailPoint's approach to unified identity security for the modern enterprise 2 hours ago | malware.news

article enterprise identity identity security +6

AI SOC Solutions, Revamp Your Cybersecurity, & Nightwing Introduction - Jon Check, Ricardo Villadiego, Jim … 3 hours ago | malware.news

amp article check cybersecurity +6

Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! - ESW #362 3 hours ago | malware.news

article big coming link +3

AI-generated code top cloud security concern amid 100% use rate in survey 3 hours ago | malware.news

api article cloud cloud security +14

Security through data 4 hours ago | malware.news

article centers cisco data +6

The role of AI in securing software and data supply chains 4 hours ago | malware.news

article data gitlab josh +8

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Cyber Incident Manager 3

@ ARSIEM | Pensacola, FL

View on infosec-jobs.com

On-Site Environmental Technician II - Industrial Wastewater Plant Operator and Compliance Inspector

@ AECOM | Billings, MT, United States

View on infosec-jobs.com

Sr Security Analyst

@ Everbridge | Bengaluru

View on infosec-jobs.com