The Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface
If you have a question about this talk, please contact Andrew Rice.

We examine the lifetime of API vulnerabilities on Android and propose an exponential decay model of the uptake of updates after the release of a fix. We apply our model to a case study of the JavaScript-to-Java interface vulnerability. This vulnerability allows untrusted JavaScript in a WebView to break out of the JavaScript sandbox, allowing remote code execution on Android phones; this can often then be further exploited to gain root access. While this vulnerability was first reported on 2012-12-21, we predict that the fix will not have been deployed to 95% of devices until 2018-01-10, 5.2 years after the release of the fix. We show how this vulnerability is exploitable in many apps and the role that ad-libraries have in making this flaw so widespread.

This talk is part of the Computer Laboratory Digital Technology Group (DTG) Meetings series.