back to article Another zombie 'bogus app' bug shambles out of Android

Jay Freeman, aka @saurik, has detailed another Zip implementation bug in pre-4.4 (Kit Kat) versions of Android which, similarly to the notorious APK vulnerability exposed earlier this year, opens a hole that malware can sneak through. Freeman – whose previous credentials include security analysis of Google Glass and uncovering …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

So the majority of Android users who will not be able to upgrade will still be at risk?

Solution, buy a new phone.

1
3
Stop

Yes, much like any operating system. Install something from an untrusted source and get malware.

Solution, don't install from untrusted sources.

6
1
Anonymous Coward

Easy fix.

It's also really easy to scan for this attack vector in the Google Play store, so the only people at risk are retards that "shop" for warez outside of the Google Play store.

Solution: Shop on Google Play.

6
4

Re: Easy fix.

You do realise that there are repositories of legitimate Android apps other than the Play store, don't you? - or perhaps not.

This isn't an Apple-like situation, where there is only one source allowed - downloading apps from somewhere other than Play doesn't automatically place an individual in the "retards that "shop" for warez" category.

1
1
Boffin

Can't upgrade?

I've just had a look at CyanogenMod – they pulled the fix in just yesterday. Here's the commit for the 10.2 branch.

I fully expect that they're not the only ones to have pulled it in.

0
0
Bronze badge

bug vs. feature

This Android bug is a feature on Windows OS. There has been no mandatory authenticity verification on MS Windows for all these past and current years.

0
1
Silver badge

What, ANOTHER zip bug?

Zip seems to be Google's Achilles heel for programming in the same way daylight savings is for Apple!

0
0