IBM researchers have discovered a critical security vulnerability in Android 4.3 (Jelly Bean) and below which could allow attackers to exfiltrate sensitive information – credentials, private keys – from vulnerable devices. The vulnerability is found in Android’s secure storage service KeyStore, and can be misused to cause a stack-based buffer overflow, which would then allow malicious code to be executed under the keystore process. The vulnerability was discovered last September, and immediately disclosed to the Android Security Team. A patch for the flaw was included in the new Android version (4.4 – KitKat) a few months later.
