Bugs in Android’s Binder inter-process communication (IPC) mechanism open up a mass of security bugs, according to University of Michigan boffins Huan Feng and Kang Shin. In a paper posted to Arxiv, the duo say developers aren’t doing enough sanity checking between Binder server and clients. Specifically, they often forget to sanity-check client-side transactions.
View full story
ORIGINAL SOURCE: The Register