back to article Google and pals rush to repair Android dev tools, block backdoor risks

Security researchers have found several flaws in the developer tools and environments used by Android programmers. The flaws, if exploited, would enable hackers to exploit the developer environments and insert malicious code (like adware or a cryptominer) into legitimate apps, without the developers of those kosher apps …

Silver badge
Coat

How long have they been aware of these?

When were these discovered? If it was September 6th or before, I demand that these security researchers go public with their findings!

1
3

Re: How long have they been aware of these?

Since May: https://www.theregister.co.uk/2017/12/06/android_ides_vulnerable/

0
0
Silver badge
Devil

Re: How long have they been aware of these?

I read that article, did a bit of digging for more details, tried to post as a comment, ran into a Captcha that wouldn't work right. now it's in the bit bucket...

The problem seems to be caused by embedded external references in the XML. You could pre-scan for those and don't open them if the affected file has "!ENTITY" tags.

https://www.w3.org/TR/REC-xml/#sec-external-ent

0
1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017