Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Serialization vulnerabilities put many Android devices at risk

Serialization vulnerabilities put many Android devices at risk

2015/08/11

Securityweek - (International) Security researchers from IBM discovered an Android operating system (OS) "serialization vulnerability" affecting versions 4.3 Jelly Bean through 5.1 Lollipop, related to Android's OpenSSLX509Certificate class framework that an attacker could exploit for arbitrary code execution in applications and services, leading to privilege escalation, in which legitimate apps can be replaced with malicious apps that steal data, among other actions.

Source: http://www.securityweek.com/serialization-vulnerabilities-put-many-android-devices-risk

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:59