Right... lets lower the priority of memory corruption bugs in the browser. Surely no one would ever change the exploit to use a payload that performs actions other than a reverse shell, or spam out malicious URL's to Android users. THATS never been done..
Great review. ***** (5/5) On Feb 20, 12:16 pm, Ian French <[email protected]> wrote: > I tested this exploit on my own phone running 2.3 and found that it was > still effective, but only after making sure my phone was set up precisely > the right way. I needed to have a specific IP address, for example, and the > vuln required a rather complicated means of designating an address; > hexadecimal and then placed in reverse byte order. It also required having > netcat listening on a specific port, not to mention the android user must > also be hooked to the attackers webpage, either through port redirecting or > social engineering. And after it was all said and done, you had to know what > you were looking for on the sd card (being the attacker) since you were > operating pretty much blind. All in all, id say there are bigger, easier > ways to exploit someone's device we need to worry about before this method. > > Ian -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
