5 matches found
Mobile App Collusion Can Bypass Native Android Security
DENVER – Android’s native security mechanisms, most notably application sandboxing, secure devices against threats from one app at a time. Multiple apps however, can collude in different ways and bypass these protections. Researchers on Wednesday at the 26th Virus Bulletin International Conferenc...
百度 moplus SDK 后门 (WormHole 虫洞)
报告来源:趋势科技 目前,人们之所以称之为漏洞是基于 Moplus SDK 的访问权限控制以及应该如何限制这种访问的角度。因此,它虽然具有漏洞相关的概念而实际上是一个后门程序,如推送钓鱼网页,插入任意联系人,发送伪造短信,上传本地文件到远程服务器,未经用户授权安装任意应用到 Android 设备。而执行这些行为唯一的要求是该设备首先需要连接互联网。由于 Moplus SDK 已经被集成到众多的 Android 应用程序中,这就意味着有上亿的Android用户受到了影响。 图1.恶意软件使用的 Moplus SDK 来进行静默安装 通过 Moplus SDK 挖掘 Moplus...
Baidu really fixed all of the WormHole vulnerability?-vulnerability warning-the black bar safety net
You can’t have a back door in the software because you can’t have a back door that's only for the good guys.“ - Apple CEO Tim Cook You should not give software to install the back door, because you can't guarantee that this Backdoor only the good guys can use the--Apple CEO cook 0×0 developments...
Baidu Department of Applied WormHole vulnerability details analysis-vulnerability warning-the black bar safety net
Baidu moplus SDK is called a wormhole(Wormhole of vulnerability was reported after the“a ripple”, it is implanted into 1 4 0 0 0 app, these apps have close to 4 0 0 0 A are by Baidu produced. The vulnerability is a vulnerability reporting platform black bar safety net vulnerability bulletins foun...
Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk
The China's Google-like Search Engine Baidu is offering a software development kit SDK that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers. The SDK in question is Moplus, which m...