14 DAY TRIAL // Turkish security researcher Ibrahim Balic claims to have found an Android vulnerability that could lead to memory corruption. While testing his findings, he may have crashed Google Play a couple of times.
According to the expert, Android 2.3, 4.2.2 and 4.3 are certainly affected, but he believes that all versions of the operating system are vulnerable.
He has found that executing a malformed APK file leads to a denial-of-service (DOS) condition and the device freezes. Balic wanted to test his theory against Bouncer, the Android anti-malware system developed by Google, so he uploaded a malformed APK file to Google Play.
Shortly after, he started getting errors on Google Play. In addition, during the time he performed his tests, many people reported being unable to upload applications to Google’s app market.
“I think it was probably because of testing my PoC exploit on Google Play,” Balic noted in a blog post.
He uploaded the malformed APK file twice and each time the developer console crashed. He uploaded his POC exploit for the second time “to be sure” that the console crashed because of his app.
In a post on Reddit, Balic noted that Google appears to have fixed the issue.
In case the name Ibrahim Balic sound familiar to you, that’s because back in August 2013 he was at the center of a similar story. At the time, Apple’s developer portal suffered an outage. The expert said the downtime coincided with his attempts to demonstrate the existence of a vulnerability that exposed the details of 100,000 users.
Apple denied that the outage was a result of Balic’s penetration testing.