Two new threats for mobile users



In the last two days, researchers have discovered two new threats for mobile users.


A bug in Qualcomm’s Snapdragon code, at kernel level


The first, which relates to the Android ecosystem but is specific to a particular CPU technology (Qualcomm Snapdragon), was discovered by Trend Micro:

We recently found vulnerabilities affecting Snapdragon-powered Android devices, which could be exploited by an attacker in order to gain root access on the target device simply by running a malicious app.


Two exploits, one result

More from Trend Micro:

CVE-2016-0819

We discovered this particular vulnerability, which is described as a logic bug when an object within the kernel is freed.

A node is deleted twice before it is freed.

This causes an information leakage and a Use After Free issue in Android.

CVE-2016-0805

This particular vulnerability lies in the function get_krait_evtinfo.

The function returns an index for an array; however, the validation of the inputs of this function is not sufficient.

As a result, when the array krait_functions is accessed by the functions krait_clearpmu and krait_evt_setup, an out-of-bounds access results.

This can be useful as part of a multiple exploit attack.

Using these two exploits, one can gain root access on a Snapdragon-powered Android device.

This can be done via a malicious app on the device.

Any Snapdragon-powered Android device with a 3.10-version kernel is potentially at risk of this attack.
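The CVE-2016-0805 description quoted above follows a common kernel bug pattern: a decoder hands back a table index after validating only part of its input. The C sketch below is an added example, not Qualcomm's or Trend Micro's code. It sets a weakly validated decoder beside a hardened one and counts exhaustively how many inputs let the index escape the table. The event encoding, table size and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_REGS   3   /* constructed table size */
#define NUM_GROUPS 4   /* constructed limit */

static const char *const reg_names[NUM_REGS] = { "reg0", "reg1", "reg2" };

/* Constructed 16-bit event code: bits 12-15 = register, bits 0-3 = group. */
static unsigned evt_reg(uint32_t code)   { return (code >> 12) & 0xF; }
static unsigned evt_group(uint32_t code) { return code & 0xF; }

/* Insufficient validation: group is checked, the returned index is not. */
int evt_index_weak(uint32_t code)
{
    if (evt_group(code) >= NUM_GROUPS)
        return -1;
    return (int)evt_reg(code);          /* may be 0..15, table holds 3 */
}

/* Hardened: every field that becomes an index is range-checked. */
int evt_index_checked(uint32_t code)
{
    if (evt_group(code) >= NUM_GROUPS || evt_reg(code) >= NUM_REGS)
        return -1;
    return (int)evt_reg(code);
}

/* Consumer re-checks the index instead of trusting the decoder. */
const char *reg_name(int idx)
{
    return (idx < 0 || idx >= NUM_REGS) ? NULL : reg_names[idx];
}

/* Exhaustively count event codes whose accepted index escapes the table. */
unsigned count_escapes(int (*decode)(uint32_t))
{
    unsigned n = 0;
    for (uint32_t code = 0; code <= 0xFFFF; code++)
        if (decode(code) >= NUM_REGS)
            n++;
    return n;
}

int main(void)
{
    printf("weak decoder:    %u escaping codes\n", count_escapes(evt_index_weak));
    printf("checked decoder: %u escaping codes\n", count_escapes(evt_index_checked));
    return 0;
}
```

Walking the whole input space is practical whenever the attacker-controlled field is narrow, and it turns "validation looks sufficient" into a checked property for a regression test.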


Now it’s iOS’s turn


Palo Alto Networks has discovered a new iOS malware threat named “AceDeceiver” that afflicts non-jailbroken iDevices via a flaw in Apple’s DRM mechanism:

What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all.

AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called “FairPlay Man-In-The-Middle (MITM)” and has been used since 2013 to spread pirated iOS apps, but this is the first time we’ve seen it used to spread malware.

For more technical information, refer to the “Palo Alto Research Blog”.