android webkit browser exploit n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Android WebKit browser exploit PowerPoint Presentation
Download Presentation
Android WebKit browser exploit

Loading in 2 Seconds...

play fullscreen
1 / 8

Android WebKit browser exploit - PowerPoint PPT Presentation


  • 145 Views
  • Uploaded on

Android WebKit browser exploit. 報告者 :劉旭哲. Nov, Alert Logic Researcher M.J.Keith show a exploit in the Webkit in the Android. This exploit could lead to remote code execution or software crashes.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Android WebKit browser exploit' - judd


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
android webkit browser exploit

Android WebKit browser exploit

報告者:劉旭哲

slide2

Nov, Alert Logic Researcher M.J.Keith show a exploit in the Webkit in the Android.

  • This exploit could lead to remote code execution or software crashes.
  • Attacker can use it to install Trojan or other malicious software that could allow full access to the handset.
slide3

Users simple need to load a web page with specially crafted HTML.

  • Android OS version 2.0-2.1
  • Mobile OS:
    • BlackBerry、Palm WebOSand Apple iOS
  • Browser are built on the same platform:
    • Safari、Chrome、Firefox Mobile、Skyfire
slide4

36.2%

40.8%

7.9%

15%

slide5

trigger use-after-free

Port IP

\uae08 \u000a\u0202

2222 10.0.2.2

slide6

This current exploit is not the “attack code” itself but rather the “malware” the code may download.

  • An input validation issue exists in WebKit'shandling of floating point data types.
  • Solution:
    • Use other browser and update to Android 2.2
reference
Reference
  • http://www.zdnet.co.uk/news/security-threats/2010/11/08/researchers-expose-android-webkit-browser-exploit-40090787/
  • http://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=5946
  • http://adkz.blogspot.com/2010/11/android-exploits.html
  • http://imthezuk.blogspot.com/2010/11/remote-code-execution-on-android-20-21.html
  • http://imthezuk.blogspot.com/2010/11/float-parsing-use-after-free.html
  • http://developer.android.com/resources/dashboard/platform-versions.html
  • http://www.youtube.com/watch?v=czx_AKdj8ug
  • http://www.exploit-db.com/exploits/15423/