Fwd: Trustlook discovered Microsoft’s first high risk Android Vulnerability

[Raymond Zhang <bugfree () gmail com>]

http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/

Imagine in a leisurely afternoon, you are sitting in a coffee shop.
You want to search for the latest movie information for tonight’s
dating. So you connected to the public wifi called “Starbucks”, and
opened the Bing app.

Sounds natural? What you can’t imagine is, at the moment you opened
the Bing app (com.microsoft.bing) under an untrusted wifi, your phone
or tablet could be hacked completely. The hacker could download and
install any malware app to your phone, turn your phone into a tapping
device or make unauthorized phone calls. As the Bing Android app
(4.2.0 and lower) has been discovered a remote code execution
vulnerability, attackers can execute arbitrary Java code when the app
is opened under a compromised network.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/