More fun and games with Android. It turns out that there is yet another way to punch a hole into Google’s Android platform.
This time one of the researchers is also one of our own crew, Zach Lanier.
From Info Security:
A pair of security researchers have identified some potentially serious vulnerabilities in the Android smartphone and tablet platform and – apparently after previous experiences in dealing with Google – have posted a YouTube video detailing the flaws.
The two researchers – Jon Oberheide and Zach Lanier – previously created an app that acted as a proof-of-concept application that allowed malicious developers to covertly install additional applications.
Here is the YouTube video as well.
A brief video demo of two unpatched Android vulnerabilities: a permission escalation allowing the installation of applications with arbitrary permissions without user approval; and a privilege escalation targeting Android’s Linux kernel that allows an unprivileged application to gain root access.
Source: Article Link
(Image used under CC from paperpariah)