The master key security vulnerability takes advantage of how Android verifies JAR/ZIP/APK files. Worse still, viaForensics security researcher Pau Oliva Fora has demonstrated a proof of concept for this security hole. In a nutshell, a public proof of concept means that, as surely as Mondays are Mondays and Saturdays are not Sundays, you’ll see real malware using this loophole. The master key security hole can be exploited with nearly any Android app. Bluebox Security has released its own security scanner app for the vulnerability, so the least you can do is scan your device and see. So far, we’ve found that only the Samsung Galaxy S4, the HTC One, and other hardware running the latest version of the Android firmware CyanogenMod are safe from this security vulnerability. This means that over 99% of Android devices are vulnerable, so sitting back to wait and see is not the best course of action. For starters, you don’t have to panic. If your device is vulnerable, follow these simple steps to avoid apps that could’ve been compromised.

- Don’t visit or download content from suspicious websites
- Avoid downloading programs from third-party Android stores
- Look carefully at any program before you install it to ascertain its legitimacy
- Upgrade to the latest version of Android
- Make sure you are using the latest version of a good antivirus app

According to Google’s Android Communications Manager, Gina Scigliano, Google has “not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps is a security program in Android 4.2 and higher. It scans any apps you want to download and install against Google’s database of safe apps.” Gina also added that Google will be releasing a security fix for Nexus devices in an upcoming software update. As we wait for OEMs to release patches for this security flaw, the best you can do for now is avoid any app or content downloads that might put your gadget at risk, especially from third-party app stores.

Via ZDNet: Android OEMs Slow to Seal Security Hole