Malformed certificates are created when two certificates are signed with a looped certificate chain.
Trend says that an affected Android device may either slow down or hang, forcing the user to reboot.
The Android framework relies on two commonly used classes, JarFile and KeyStore.
Introducing such a malformed certificate into either of these two classes can put the device at risk.
Commonly used Android class:
JarUtils (./libcore/luni/src/main/java/org/apache/harmony/security/utils/JarUtils.java)
It may be used by the JarFile class.
It is used to verify a JAR package's certificates and signature files.
Unfortunately, the JarUtils class cannot properly deal with a looped certificate chain and falls into an endless loop.
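The check that stops such a loop is sketched below as an added example; it is not Android's JarUtils code and not code from the original article. The `Cert` record and `buildChain` method are hypothetical names, and certificates are modelled only by their subject and issuer names (an assumption that leaves out signature verification).

```java
import java.util.*;

public class ChainLoopCheck {
    // Simplified stand-in for an X.509 certificate: only the two names matter here.
    record Cert(String subject, String issuer) {}

    /** Orders a chain from leaf toward root; throws if the issuer links form a loop. */
    static List<Cert> buildChain(Cert leaf, Collection<Cert> pool) {
        Map<String, Cert> bySubject = new HashMap<>();
        for (Cert c : pool) bySubject.put(c.subject(), c);

        List<Cert> chain = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        Cert current = leaf;
        while (current != null) {
            // A subject seen twice means the issuer links point back into the chain.
            // Without this check the walk below would go A, B, A, B, ... and never end.
            if (!seen.add(current.subject())) {
                throw new IllegalArgumentException(
                    "looped certificate chain at " + current.subject());
            }
            chain.add(current);
            if (current.subject().equals(current.issuer())) break; // self-signed root
            current = bySubject.get(current.issuer());             // null: issuer not in pool
        }
        return chain;
    }

    public static void main(String[] args) {
        // Constructed sample data, not real certificates.
        List<Cert> normal = List.of(new Cert("CN=app", "CN=ca"), new Cert("CN=ca", "CN=ca"));
        List<Cert> looped = List.of(new Cert("CN=A", "CN=B"), new Cert("CN=B", "CN=A"));

        System.out.println("normal chain length: " + buildChain(normal.get(0), normal).size());
        try {
            buildChain(looped.get(0), looped);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```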
Proof of Concept
The researcher has also given a PoC for this vulnerability on their blog.
We will install a new app signed by one of the above certificates.
We get the following UI, which never ends.
The user has no choice in the matter.
Scenario 2: Importing a malformed certificate on Android.
Resource: TrendMicro Labs
source: www.techworm.net