[Quote] The vulnerability is a code signing flaw. Developer's 'sign' their apps with a cryptographic signature. That way, only the app developer is able to update or modify an existing app, because only the developer has the signature. Bluebox has discovered a way to subvert this. "This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the applicationBlog from the Bluebox - a new player in the market
Update 17-Jul-13:
A second similar master-key vulnerability has been discovered.
No comments:
Post a Comment