The recently disclosed Android master key vulnerability by CTO of BlueBox, Jeff Forristal, allows an attacker to inject malicious code into an Android application without the need to alter or invalidate the application’s digital signature. This impacts almost all current Android implementations and to make matters worse, patches cannot be issued directly by Google, but require individual handset manufacturers to provide patches for their unique Android implementation. To date, some have provided patches, while others haven’t.
- Viral Gandhi
- Viewpoints
- Posted On