GuardSquare warns that a New Android vulnerability allows attackers to modify apps without affecting their signatures.
“A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures… a file can be a valid APK file and a valid DEX file at the same time…
…Google has released a patch to its partners in November. They have published the bug (CVE-2017-13156) in the Android Security Bulletin on December 4, 2017.”
*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: https://macviruscom.wordpress.com/2017/12/11/guardsquare-warns-of-android-vulnerability-janus/