We told you in yesterday’s blog entry about the serialization vulnerability that affects 6 in 10 Android devices. Also known as “One Class To Rule Them All”, the exploit was discovered by a group of researchers at IBM, who proved that it is possible for evil-witted guys to mischievously replace an Android application you trust with something that resembles it but is meant to cause you harm instead.
Avira Vulnerability Checker for your Android
To let you check whether your Android device can become a target of this type of attack, we created a new app called Avira Vulnerability Checker. The app is free, it takes less than 1 minute to download and perform the check-up on your mobile device and… it is already available for download in the Google Play Store.
Once installed, the application evaluates whether the Android OS on your device is vulnerable to the 0-day deserialization exploit.
This CVE (Common Vulnerabilities and Exposures) entry refers to a “hole” in one of Android’s framework classes – OpenSSLX509Certificate – which, because it has properties that are non-transient, non-static and not overridden, allows attackers to inject malicious code on your device. This allows them to gain more privileges, which can ultimately be used to replace or install other apps on the end-user’s device.
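Why a non-transient, non-static property matters, as an added illustration that is not code from Avira, IBM or Android: in Java serialization such a field is restored from the incoming byte stream, so whoever produced the bytes chooses its value, while a transient field is reset to its default. The class names, the field name and the sample value below are hypothetical.

```java
import java.io.*;

public class TransientFieldDemo {
    // Hypothetical class: its field is part of the serialized form.
    static class ExposedHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        long nativePtr;                       // non-transient, non-static
        ExposedHandle(long ptr) { nativePtr = ptr; }
    }

    // Hypothetical hardened variant: the field is excluded from the stream.
    static class GuardedHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        transient long nativePtr;             // skipped by default serialization
        GuardedHandle(long ptr) { nativePtr = ptr; }
    }

    // Serialize on the "sender" side, then deserialize on the "receiver" side.
    static Object roundTrip(Serializable obj)
            throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        long senderChosen = 0x1234ABCDL;      // constructed sample value
        ExposedHandle e =
                (ExposedHandle) roundTrip(new ExposedHandle(senderChosen));
        GuardedHandle g =
                (GuardedHandle) roundTrip(new GuardedHandle(senderChosen));
        // The receiver sees the sender's value only in the non-transient field.
        System.out.printf("non-transient after readObject: 0x%x%n", e.nativePtr);
        System.out.printf("transient after readObject:     0x%x%n", g.nativePtr);
    }
}
```

When reviewing serializable classes, treat every non-transient field as untrusted input on the receiving side, especially fields that hold native handles or are used during cleanup.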
Please note that this exploit can only be patched by the manufacturer of your device.
Until an update fixing this issue is delivered by your manufacturer, please make sure you download applications only from trusted sources and/or developers.