GuardSquare warns of Android vulnerability ‘Janus’

GuardSquare warns that a New Android vulnerability allows attackers to modify apps without affecting their signatures.

“A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures… a file can be a valid APK file and a valid DEX file at the same time…

…Google has released a patch to its partners in November. They have published the bug (CVE-2017-13156) in the Android Security Bulletin on December 4, 2017.”

David Harley

*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: