1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Zero-day flaw in Google Admin app allows malicious apps to read its files

Discussion in 'Network World' started by RSS, Aug 14, 2015.

  1. RSS

    RSS New Member Member

    An unpatched vulnerability in the Google Admin application for Android can allow rogue applications to steal credentials that could be used to access Google for Work acccounts.

    One of the main aspects of the Android security model is that apps run in their own sandboxes and cannot read each other’s sensitive data through the file system. There are APIs for applications to interact with each other and exchange data, but this requires mutual agreement.

    But researchers from security consultancy firm MWR InfoSecurity in the U.K. discovered a flaw in the Google Admin app that could be exploited by potentially malicious applications to break into the app’s sandbox and read its files.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page