Android 0-day vulnerability - Drive by download

2015.04.22

Credit: ma sh

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Security Issue:
===============
It is possible to fool Android users into performing undesired actions on their devices. Namely, it is possible to force them downloading malicious applications without being aware of it.
It seems to affect all versions of Android.
Reference (source):
===================
http://www.nes.fr/securitylab/?p=1865
Proof Of Concept:
=================
https://www.youtube.com/watch?v=ekvdO8tdJ34

References:

https://www.youtube.com/watch?v=ekvdO8tdJ34

http://www.nes.fr/securitylab/?p=1865

http://seclists.org/fulldisclosure/2015/Apr/77

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Android 0-day vulnerability - Drive by download

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.