Using Android OS developer tools, attackers can sift through memory dump data and retrieve the device’s lock-screen password. “The vulnerability would have permitted an attacker to obtain a full memory dump of the Nexus 5X device, allowing sensitive information to be exfiltrated from the device without it being unlocked,” according Roee Hay, application security research team leader at X-Force. Researchers said it is unaware of known public exploits of this vulnerability. Disclosure of the vulnerability was shared by IBM’s X-Force team on Thursday.Īccording to X-Force, the vulnerability was “undocumented” and is tied to LG manufactured Nexus 5X’s Android running OS images 6.0 MDA39E through 6.0.1 MMB29V or running bootloaders bhz10i/k. Researchers at IBM’s X-Force Application Security Research Team discovered the flaw several months ago and worked with Google on a patch that was deployed recently. The vulnerability in Google’s line of phones would have allowed an adversary to exfiltrate data from the targeted phone via a forced memory dump of the device. Google’s Android security team has patched a vulnerability that left Nexus 5X devices open to attack even if the phone’s screen was locked.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |