Android Scoring System Roots Out Malicious, Harmful Apps
Google this week explained how it weighs potentially harmful Android apps using the Verify Apps malware scanner and a scoring system it calls Dead or Insecure.
Mobile security
Vulnerabilities Leave iTunes, App Store Open to Script Injection
Researchers say iTunes and Apple’s App Store suffer from a persistent input validation and mail encoding web vulnerability. If exploited, it could allow an attacker to inject their own malicious script.
Dirty Cow Vulnerability Patched in Android Security Bulletin
Today’s Android Security Bulletin included a patch for the Dirty Cow vulnerability, a seven-year-old Linux bug that had yet to be patched by Google.
Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack.
Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.
Hackers with Keen Team identified vulnerabilities in iOS 10.1 and Android Nougat at Mobile Pwn2Own this week.
A study finds risky apps leave mobile devices open to SMS denial-of-service attack and remote SIM card rooting.
At Virus Bulletin, researchers explain how Android mobile applications can collude to share data and synchronize payload execution.
At Virus Bulletin, researchers explained the risks associated with abandoned SDK master servers that present attackers with an opportunity to assume control of these communication channels.
The massive Yahoo breach, this week’s Security of Things Forum, Mamba ransomware, and Google Allo are discussed.
