First it was the Stagefright vulnerability, which could allow hackers to crash your smartphone just by sending a multimedia text.
Now, IBM's X-Force Security Research Team has discovered yet another critical vulnerability in Android smartphones and tablets.
The vulnerability has been dubbed the Android serialization vulnerability and assigned CVE-2015-3825.
The PoC exploit we created attacks the highly privileged system_server process.
This can then allow the attacker to perform actions on behalf of the victim.
We could also change the SELinux policy and, on some devices, also load malicious kernel modules.
Developers take advantage of classes within the Android platform and SDKs.
These classes provide functionality for apps, for example, accessing the connection or the phone's camera.
The X-Force research team has notified Google, which has already released a patch for the flaw.
The X-Force research can be found here.
source: www.techworm.net