I just found out about this bug from my Bluebox which I just installed today. According to your link Google is aware of bug 9695860 and already has a fix for it. When I run Bluebox , it says this bug is unpatched and to "ask your device vendor for update". I do not understand all of this, obviously, and would like to ask anyone out there what's next? Should I leave it as is and wait for the patch to automatically update my device or what? I see that there are lots of patches available to download out there on the Internet but I am certainly not going to trust them and download "their fix"! BTW I have used AVG and Lookout on all my devices since my first smartphone. Will these virus protectors take care of this bug? Advice is greatly appreciated! Thanks!
On Saturday, July 13, 2013 12:24:30 AM UTC-5, Jeffrey Walton wrote: > > Hi All, > > I was reading through Bug 9695860 write up (available at > > http://www.androidpolice.com/2013/07/11/second-all-access-apk-exploit-is-revealed-just-two-days-after-master-key-goes-public-already-patched-by-google/). > > > > Am I the only guy scratching my head in disbelief in AOSP's > unwillingness to validate fields properly? What's with the stupid > programmer tricks of forcing a negative value to positive? Those silly > tricks just turned -2 into 65534, which is still probably incorrect. > Is there any reason an APK is not rejected as malformed? > > Jeff > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
