GuardSquare warns that a New Android vulnerability allows attackers to modify apps without affecting their signatures.
“A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures… a file can be a valid APK file and a valid DEX file at the same time…
…Google has released a patch to its partners in November. They have published the bug (CVE-2017-13156) in the Android Security Bulletin on December 4, 2017.”
This is a Security Bloggers Network syndicated blog post authored by David Harley. Read the original post at: Mac Virus