Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[The Register] Latest Android phones hijacked with tidy one-stop-Chrome-pop

Post a reply

:
In an effort to prevent automatic submissions, we require that you enter the letters that are written in red.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: [The Register] Latest Android phones hijacked with tidy one-stop-Chrome-pop

[The Register] Latest Android phones hijacked with tidy one-stop-Chrome-pop

Post by parityboy » Fri Nov 13, 2015 4:53 pm

"The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction, " Ruiu says.

"As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone."

"The vuln being in recent version of Chrome should work on all Android phones; we were checking his exploit specifically but you could recode it for any Android target since he was hitting the JavaScript engine."


Source

Top

Nothing to display.

Login