14 DAY TRIAL // Spanish security researcher Pau Oliva Fora has released a “quick” proof-of-concept exploit for the Android vulnerability that could be leveraged to turn any app into a Trojan without breaking its cryptographic signature.
The expert highlights that the details of the bug were already public in a CyanogenMod bug report. He simply wrote a POC based on the available information.
CyanogenMod has already addressed the issue that is said to affect around 900 million Android devices. Google has also patched the flaw.
According to Security Ledger, some OEMs, such as Samsung, have also started rolling out a patch.
So far, there’s no evidence that cybercriminals are exploiting the bug in the wild. However, the main concern is that it usually takes OEMs a lot of time to make sure security patches reach their customers.
In addition, those who have older smartphone models will probably not receive the patches at all.