A flaw in Android’s GUI framework let university researchers hack into applications with a success rate of up to 92 percent.
When a new screen or window is shown, the GUI framework allocates a fixed amount of memory, proportional to the size of the screen, in the shared memory register. This memory is allocated inside the app process and shared with a separate window compositor process.
Shared memory is commonly adopted by window managers to receive window changes or updates from running applications.
When a user downloads a malicious app, the shared memory lets attackers steal information such as login credentials, and obtain sensitive camera images such as photos of personal cheques sent through banking apps.
As for fixing the flaw, Newegg’s Wu said, “everyone is responsible — the OS makers, app developers and phone users.”
The researchers “did a good job at pointing out and educating everyone about a possible vulnerability,” he continued. “Now it is up to all of us to do something about it.”
Sourced by Tennessee Frank