Android Certifi-gate vulnerability exploited, no patches in sight
Check Point, the company that disclosed the Certifi-gate vulnerability a few weeks ago, has published a blog post with further analysis of the problem. The security researchers report that an app called Recordable Activator was exploiting the vulnerability, using TeamViewer's plugin to gain system-level access and record the screen. The app has now been removed from Google Play, although Check Point claims it had somewhere between 100,000 and 500,000 downloads before that point.
The security company provides an application that tests whether a device is vulnerable and collects anonymous data. It's important to make a distinction: a "vulnerable device" is exploitable only if the user installs a remote support plug-in, while one that's both vulnerable and ...