Current location - Quotes Website - Personality signature - Where is the Android vulnerability poc?
Where is the Android vulnerability poc?
A few days ago, Pau Oliva Fora, a security researcher at Via Forensics, released a proof-of-concept module on GitHub, which can exploit the vulnerability of verifying the authenticity of signatures. The proof-of-concept attack uses the open source Android reverse engineering tool APK, which can reverse engineer, decompile and recompile binary Android applications with closed source code.

Fora's script allows users to inject malicious code during recompilation, and the final compiled binary program has the same encryption signature as the original legal application.

Google said that it provided patches to OEMs and operators as early as March this year. For example, Samsung has released updates to users, but due to the fragmentation of Android system, a large number of users have not updated.