How long have they been aware of these?
When were these discovered? If it was September 6th or before, I demand that these security researchers go public with their findings!
Security researchers have found several flaws in the developer tools and environments used by Android programmers. The flaws, if exploited, would enable hackers to exploit the developer environments and insert malicious code (like adware or a cryptominer) into legitimate apps, without the developers of those kosher apps …
I read that article, did a bit of digging for more details, tried to post as a comment, ran into a Captcha that wouldn't work right. now it's in the bit bucket...
The problem seems to be caused by embedded external references in the XML. You could pre-scan for those and don't open them if the affected file has "!ENTITY" tags.
Biting the hand that feeds IT © 1998–2019