Posted by: David Harley | December 11, 2017

GuardSquare warns of Android vulnerability ‘Janus’

GuardSquare warns that a New Android vulnerability allows attackers to modify apps without affecting their signatures.

“A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures… a file can be a valid APK file and a valid DEX file at the same time…

…Google has released a patch to its partners in November. They have published the bug (CVE-2017-13156) in the Android Security Bulletin on December 4, 2017.”

David Harley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: