Turkish security researcher Ibrahim Balic have discovered a vulnerability in Android which causes a possible memory corruption. He had crashed Google Play a couple of times.According Ibrahim, executing a malformed APK file triggers the vulnerability and it causes DoS and device becomes freezed. He tested on Android 4.2.2, Android 4.3, Android 2.3 versions the result seems to be the same every attempt.
The cause of the bugs is the “appname” length. if you set the appname in strings.xml and set as big long value (387000+ chars) which triggers the bug.
Researcher didn't want to cause any damage but he couldn't stop his feelings and wanted to test it on Google’s Android Bouncer by uploading the malformed APK to Google Play, Then he realized that it caused Denial of Service on Google Play!
After goggling he found that many people couldn't be able to upload their APPs to Google Play during my test, I think it was probably because of testing my PoC exploit on Google Play.
He was already reported the vulnerability to Google Security and my report id is “67213″
Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter
No comments:
Post a Comment