主題：只有OEM廠商能用的Android - TopicsExpress

主題：只有OEM廠商能用的Android 漏洞的修正程式，根本緩不濟急！ 說明： 前幾天 BlueBox 公司揭露了可能威脅 99% Android設備安全的特大漏洞；但 Google 證實，該漏洞已經有了修補程式，並且這些修補程式已經提供給了OEM製造商。當一切看似解決的當下，先複習之前發生何事。 根據 Bluebox 安全研究團隊的調查，發現 Android 系統 4 年以來都存在一個大漏洞，駭客可在不破解應用程式的加密簽章(cryptographic signature)前提下，直接修改 Android 安裝包(APK)，因此可改成木馬程式來竊取裝置資料、密碼，甚至用來取得裝置的控制權、包含發送訊息、電子郵件、撥打電話、開啟相機拍照、觀看文件等。 所以...詳細的漏洞、過程與概念驗證程式(PoC)就被公佈了，但由於不是直接在消費者的 Android 裝置上直接修補漏洞，而是透過OEM廠商處理，所以在這空窗期間就是想製作漏洞與木馬程式最好的實驗場。 以下引用 Al Sutton 的 說明： https://plus.google/113331808607528811927/posts/GxDA6111vYy Android bug 8219321 (master keys) 漏洞詳解： - When checking signatures the PackageParser calls its loadCertificates method (https://android.googlesource/platform/frameworks/base/+/android-4.2.2_r1.2/core/java/android/content/pm/PackageParser.java - line 441) - The loadCertificates method uses the getInputStream method of the JarFile object to obtain an input stream. (https://android.googlesource/platform/frameworks/base/+/android-4.2.2_r1.2/core/java/android/content/pm/PackageParser.java - line 446) - The getInputStream method comes from ZipFile (the parent of JarFile), which looks up the relevant entry in a Map (https://android.googlesource/platform/libcore/+/android-4.2.2_r1.2/luni/src/main/java/java/util/zip/ZipFile.java - line 248) - A Map can only provide a single object for a given key, so if you have two entries in a zip file with the same name, only one of the entries will be returned when you do a look-up for that name. - The Map is constructed as part of a loop (https://android.googlesource/platform/libcore/+/android-4.2.2_r1.2/luni/src/main/java/java/util/zip/ZipFile.java - line 366) so you can determine which entry will always be returned. So what you could do is construct a zip file where the entry which is verifiable is the one returned by getInputStream, and the one with the evil code is the one which ends up on the device. Pau Oliva 所提供的 Android 漏洞概念驗證程式(PoC)： https://gist.github/poliva/36b0795ab79ad6f14fd8

It is the 1st of September. The Psalmist said in Psalm 92:10 that

Ahora somos tres. comparto el camino con dos mujeres, la Nena y

A letter to my team: Sophia, you started out nervous in front

We won’t support Jonathan in 2015- Northern Igbo

Ends ~ Thursday (Dec.11/14) @ 10pm CST SB 9.00 ~ Shipping: 2.50

Lee Ann McAdoo reports - Rand Paul to oppose weak NSA

I just saw Pennhurst is a haunted house. This makes me think back

L I know your life On earth was troubled And only you could

Jordan Maxwell delivers an interesting lecture in which he delves

SOLITARY CONFINEMENT IS TORTURE! ABOLISH IT NOW! "Day 32" -

YANGON, Myanmar (AP) - Win Tin, a prominent journalist who became

A Taught Religon by Frank Jamerson Under Judaism, people were

Please, dont see Just a boy caught up in dreams And

jati smpn17 smd sekolah tawuran bukan ajang beladiri siswa

Truyện Dài Kỳ: Hợp Đồng Hôn Nhân 100 Ngày Tình

NAVC media advocate Baba Zayid Muhammad will participate in this

Romans 12:2 The MSG Don’t become so well-adjusted to your

Chers compatriotes, Bonjours ! Dès demain, nos yeux seront tous

Recent historical context – invasions of Libya and Iraq for

Were not gonna be Just apart of their game Were not gonna