Hi All, I was reading through Bug 9695860 write up (available at http://www.androidpolice.com/2013/07/11/second-all-access-apk-exploit-is-revealed-just-two-days-after-master-key-goes-public-already-patched-by-google/).
Am I the only guy scratching my head in disbelief in AOSP's unwillingness to validate fields properly? What's with the stupid programmer tricks of forcing a negative value to positive? Those silly tricks just turned -2 into 65534, which is still probably incorrect. Is there any reason an APK is not rejected as malformed? Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
