This is not exactly Google Android's fault exactly, but more towards the applications and the recent find was something that resembles Windows DLL Hijacking. The team found a few applications in the Google Android Marketplace that were vulnerable to this attack but don't worry too much; they have already notified the application developers accordingly.
Android provides APIs that allow an application to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time. Unfortunately, if these plug-ins are stored in an insecure location, this process can be hijacked, allowing access to private data and unexpected arbitrary code execution by malicious applications.
If you're a developer, do visit Symantec's blog for a more detailed explanation of how the attack is done so you can develop safer applications. Symantec has already contacted Google about these issues.
source: 2DayBlog.com
Related Post:
News
- ChevronWP7 officially closes up shop for good, hands out App Hub memberships
- Verizon expands 4G LTE coverage in the West
- Plume for Android Update Adds ICS Elements
- UC Browser 8.2 for Android takes a crack at the US market
- Safely Phone Controls on Android announced
- Sony CEO Kaz Hirai to reveal new strategy on April 12th
- AT&T 4G LTE Coming to Bloomington, IN and Bryan-College Station, Texas April 8th
- Google acquires TxVia in an effort to expand Google Wallet
- Instagram for Android Now Available!
- PayPal Here Launches in Canada, Google Earth for Android and iOS Reaches Version 6.2 & Sparrow Launches Email Client for iOS With Gorgeous UI
