Android Developer Tools Contain Vulnerabilities

Android Developer Tools Contain VulnerabilitiesSeveral of the most popular cloud-based and downloadable tools Android developers use are affected.Android application developer tools Android Studio, Eclipse, and Intellij-IDEA contain vulnerabilities, Check Point researchers revealed in a report today.
Android Application Package Tool (APKTool), Cuckoo-Droid service, and other Android application reverse-engineering tools also had vulnerabilities too, according to Check Point, which discovered the vulnerabilities.
多家银行的客户遭遇银行借记卡存款“不翼而飞”事件,猜想黑客盗银行卡和密码的技术又有了新的突破。
The APKTool’s XML External Entity (XXE) vulnerability can expose the entire OS file system of its users. The attacker could then take a malicious AndroidManifest.xml file to exploit the XXE vulnerability, the report notes. As for the developer tools, Android Studio, Eclipse, and Intellij-IDEA, the attackers could load a malicious AndroidManifest.xml file onto any Android project, which in turn would start “spitting out any file configured by the attacker,” the report states.
Check Point notified Google, APKTool developers, and the other integrated development environment (IDEs) companies of the vulnerabilities, which have all now been patched.
Read more about the vulnerabilities here.
麦子金服通过ISO27001国内国际双认证 信息安全再升级
为了获得更好的安全宣贯效果,我们开发了信息安全宣传手册,它使用朗朗上口的语句,配以形象生动的漫画,深入浅出地告诉我们的员工,什么是信息安全,为什么要信息安全,信息安全认识误区,严禁的信息安全行为等等。

猜您喜欢

如何防范垃圾短信、骚扰电话、电话诈骗
互联网金融您不知道的肮胀交易
Security-Frontline-安全前线
袁纯清65岁到龄卸任 曾任山西省委书记
KOHSAMUI OBEDIENT-DOG
建立信息安全培训计划