Another zombie 'bogus app' bug shambles out of Android

Jay Freeman, aka @saurik, has detailed another Zip implementation bug in pre-4.4 (Kit Kat) versions of Android which, similarly to the notorious APK vulnerability exposed earlier this year, opens a hole that malware can sneak through. Freeman – whose previous credentials include security analysis of Google Glass and uncovering …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    So the majority of Android users who will not be able to upgrade will still be at risk?

    Solution, buy a new phone.

    1. tomban
      Stop

      Yes, much like any operating system. Install something from an untrusted source and get malware.

      Solution, don't install from untrusted sources.

    2. Anonymous Coward

      Easy fix.

      It's also really easy to scan for this attack vector in the Google Play store, so the only people at risk are retards that "shop" for warez outside of the Google Play store.

      Solution: Shop on Google Play.

      1. Kernel

        Re: Easy fix.

        You do realise that there are repositories of legitimate Android apps other than the Play store, don't you? - or perhaps not.

        This isn't an Apple-like situation, where there is only one source allowed - downloading apps from somewhere other than Play doesn't automatically place an individual in the "retards that "shop" for warez" category.

    3. Mr Flibble
      Boffin

      Can't upgrade?

      I've just had a look at CyanogenMod – they pulled the fix in just yesterday. Here's the commit for the 10.2 branch.

      I fully expect that they're not the only ones to have pulled it in.

  2. eulampios

    bug vs. feature

    This Android bug is a feature on Windows OS. There has been no mandatory authenticity verification on MS Windows for all these past and current years.

  3. Anonymous Coward

    What, ANOTHER zip bug?

    Zip seems to be Google's Achilles heel for programming in the same way daylight savings is for Apple!
