Results 1 to 3 of 3

Thread:
New Android exploit can hack any handset in one shot

  1. #1
    Supreme Overlord
    Administrator
    JoostinOnline's Avatar
    Join Date
    Mar 2011
    Location
    Behind you!
    Posts
    7,895
    Thanked: 1542
    Blog Entries
    10
    Mentioned
    14 Post(s)

    New Android exploit can hack any handset in one shot


    Hackers have discovered a critical exploit in Chrome for Android reportedly capable of compromising virtually every version of Android running the latest Chrome. Quihoo 360 researcher Guang Gong demonstrated the vulnerability to the PSN2OWN panel at the PacSec conference in Tokyo yesterday. While the inner workings of the exploit are still largely under wraps, we do know that it leverages JavaScript v8 to gain full administrative access to the victim's phone.

    "The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction," PacSec organiser Dragos Ruiu told Vulture South. "As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone." Unfortunately, real-world applications would be far less benign. Google has already been alerted to the bug and is expected to pay out a sizeable bounty for the heads up.
    Source: Engadget

    You should probably stay away from Chrome for awhile. I recommend Dolphin as a mobile browser.
    "Macs are the Perfect Computers," said the Perfect Idiot.

    (\__/)
    (='.'=)This is Bunny. Copy and paste Bunny into your
    (")_(")signature to help him gain world domination.

  2. #2
    Founding Member LiNkZoR's Avatar
    Join Date
    Mar 2011
    Location
    Middle of nowhere
    Posts
    1,209
    Thanked: 271
    Mentioned
    3 Post(s)
    I don't think there is any reason to worry. They alerted google who will award them a sum of money, unless they disclose this to the public then google keeps the money.


  3. #3
    Supreme Overlord
    Administrator
    JoostinOnline's Avatar
    Join Date
    Mar 2011
    Location
    Behind you!
    Posts
    7,895
    Thanked: 1542
    Blog Entries
    10
    Mentioned
    14 Post(s)
    There is the risk of someone else finding it before they patch it. I'd give it another week at least.

    Sent from behind you
    "Macs are the Perfect Computers," said the Perfect Idiot.

    (\__/)
    (='.'=)This is Bunny. Copy and paste Bunny into your
    (")_(")signature to help him gain world domination.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •