

The researchers who discovered a serious vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable the security locks on a vulnerable device have published a proof-of-concept app that exploits the bug, as well as source code for the app.

The vulnerability lies in the way that Jelly Bean handles the flow of requests when a user attempts to change one of the many security locks in the operating system. If a user goes in to change, for example, the gesture lock, Android will ask the user to confirm her PIN code or another security mechanism. The vulnerability enables a malicious app to disable this check and all of the security locks in the OS.

Researchers at Curesec in Germany discovered the bug in October and reported it to Google, which included a fix in Android 4.4 KitKat.
