Number: IRCNE2015112684
Date: 2015/11/17
According to “zdnet”, a Chinese researcher has discovered an exploit which allows attackers to hijack Android mobile devices through the Chrome browser, placing millions at risk.
Speaking at the PacSec conference held in Tokyo, Japan this month, Qihoo 360 researcher Guang Gong demonstrated how the zero-day flaw could be exploited to take over a fully updated Android device.
As reported by Security Affairs, the Chinese security expert leveraged a JavaScript v8 flaw through the Chrome browser to hijack a Google Project Fi Nexus 6 device running the latest OS, Android 6.0 Marshmallow.
Ruiu called the attack a "one-shot exploit" which "did everything in one go instead of chaining multiple vulnerabilities," -- a serious problem for Android security which also suggests millions of devices running the Javascript engine could be affected, placing countless users at risk.
In July, Google issued a security update which patched critical flaws in the Chrome browser, including a number of high-risk universal cross-site scripting errors.
The spokesperson added that Google is looking into a fix right now and will share more details as soon as it can.
- 8