A widespread vulnerability in Google’s Android mobile operating system could affect around half of all current Android device users.
The vulnerability was discovered by Unit 42, the threat intelligence unit at Palo Alto Networks, and could allow an attackers to hijack the installation of a seemingly safe Android application – Android Package File (APK) – on user devices, and replace it with an app of the attacker’s choice, without the user’s knowledge. Once exploited, this vulnerability allows the attacker to distribute malware, compromise devices and steal user data.
Ryan Olson, intelligence director of Unit 42 at Palo Alto Networks, said: “This Android vulnerability means users who think they’re accessing legitimate applications with approved permissions may instead be exposed to data theft and malware. We urge users to take advantage of the diagnostic application provided by Palo Alto Networks to check their devices, and we thank Google, Samsung and Amazon for their cooperation and attention.”