Jay Freeman, aka @saurik, has detailed another Zip implementation bug in pre-4.4 (Kit Kat) versions of Android which, similarly to the notorious APK vulnerability exposed earlier this year, opens a hole that malware can sneak through. Freeman – whose previous credentials include security analysis of Google Glass and uncovering …
So the majority of Android users who will not be able to upgrade will still be at risk?
Solution, buy a new phone.
Yes, much like any operating system. Install something from an untrusted source and get malware.
Solution, don't install from untrusted sources.
It's also really easy to scan for this attack vector in the Google Play store, so the only people at risk are retards that "shop" for warez outside of the Google Play store.
Solution: Shop on Google Play.
Re: Easy fix.
You do realise that there are repositories of legitimate Android apps other than the Play store, don't you? - or perhaps not.
This isn't an Apple-like situation, where there is only one source allowed - downloading apps from somewhere other than Play doesn't automatically place an individual in the "retards that "shop" for warez" category.
I've just had a look at CyanogenMod – they pulled the fix in just yesterday. Here's the commit for the 10.2 branch.
I fully expect that they're not the only ones to have pulled it in.
bug vs. feature
This Android bug is a feature on Windows OS. There has been no mandatory authenticity verification on MS Windows for all these past and current years.
What, ANOTHER zip bug?
Zip seems to be Google's Achilles heel for programming in the same way daylight savings is for Apple!