Presentation is loading. Please wait.

Presentation is loading. Please wait.

Android WebKit browser exploit 報告者:劉旭哲. Nov, Alert Logic Researcher M.J.Keith show a exploit in the Webkit in the Android. This exploit could lead to.

Published byDarren Smith Modified over 9 years ago

Similar presentations

Presentation on theme: "Android WebKit browser exploit 報告者:劉旭哲. Nov, Alert Logic Researcher M.J.Keith show a exploit in the Webkit in the Android. This exploit could lead to."— Presentation transcript:

1 Android WebKit browser exploit 報告者:劉旭哲

2 Nov, Alert Logic Researcher M.J.Keith show a exploit in the Webkit in the Android. This exploit could lead to remote code execution or software crashes. Attacker can use it to install Trojan or other malicious software that could allow full access to the handset.

3 Users simple need to load a web page with specially crafted HTML. Android OS version 2.0-2.1 Mobile OS : – BlackBerry 、 Palm WebOS and Apple iOS Browser are built on the same platform : – Safari 、 Chrome 、 Firefox Mobile 、 Skyfire

4 36.2% 40.8%7.9% 15%

5 Port IP \uae08 \u000a\u0202 2222 10.0.2.2 Port IP \uae08 \u000a\u0202 2222 10.0.2.2 trigger use-after-free

6 This current exploit is not the “attack code” itself but rather the “malware” the code may download. An input validation issue exists in WebKit's handling of floating point data types. Solution : – Use other browser and update to Android 2.2

7 Demo Video

8 Reference http://www.zdnet.co.uk/news/security- threats/2010/11/08/researchers-expose-android-webkit-browser- exploit-40090787/ http://www.zdnet.co.uk/news/security- threats/2010/11/08/researchers-expose-android-webkit-browser- exploit-40090787/ http://www.informationsecurity.com.tw/article/article_detail.aspx? tv=11&aid=5946 http://www.informationsecurity.com.tw/article/article_detail.aspx? tv=11&aid=5946 http://adkz.blogspot.com/2010/11/android-exploits.html http://imthezuk.blogspot.com/2010/11/remote-code-execution- on-android-20-21.html http://imthezuk.blogspot.com/2010/11/remote-code-execution- on-android-20-21.html http://imthezuk.blogspot.com/2010/11/float-parsing-use-after- free.html http://imthezuk.blogspot.com/2010/11/float-parsing-use-after- free.html http://developer.android.com/resources/dashboard/platform- versions.html http://developer.android.com/resources/dashboard/platform- versions.html http://www.youtube.com/watch?v=czx_AKdj8ug http://www.exploit-db.com/exploits/15423/

Download ppt "Android WebKit browser exploit 報告者:劉旭哲. Nov, Alert Logic Researcher M.J.Keith show a exploit in the Webkit in the Android. This exploit could lead to."

Similar presentations

UNIT-e futures and UNIT-e Mobile Ben Potter Systems Architect.

UNIT-e futures and UNIT-e Mobile Ben Potter Systems Architect.
Name of submission Name of submitting company and full contact information of person submitting.

Name of submission Name of submitting company and full contact information of person submitting.
What’s new in this release? September 6, 2012. Milestone Systems Confidential Milestone’s September release 2012 XProtect ® Web Client 1 Connect instantly.

What’s new in this release? September 6, Milestone Systems Confidential Milestone’s September release 2012 XProtect ® Web Client 1 Connect instantly.
Kinesis Survey Technologies Kinesis Webinar January 8 & 9, 2014 Mobile Testing - Best Practices.

Kinesis Survey Technologies Kinesis Webinar January 8 & 9, 2014 Mobile Testing - Best Practices.
SHAREPOINT PAKISTAN USER GROUP #1 SHAREPOINT COMMUNITY IN PAKISTAN AND ASIA HTML5 and SharePoint 2013.

SHAREPOINT PAKISTAN USER GROUP #1 SHAREPOINT COMMUNITY IN PAKISTAN AND ASIA HTML5 and SharePoint 2013.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
By: Tyler Cap.  Basically a Pandora recommendation system for clothing  Like/Dislike an outfit or article or clothing  Match items to create an outfit.

By: Tyler Cap.  Basically a Pandora recommendation system for clothing  Like/Dislike an outfit or article or clothing  Match items to create an outfit.
Researcher Finds Google Android Data Stealing Vulnerability 報告者:劉旭哲.

Researcher Finds Google Android Data Stealing Vulnerability 報告者:劉旭哲.
Claro Software 2015 Alasdair King Claro Software.

Claro Software 2015 Alasdair King Claro Software.
Native vs hybrid vs web mobile Application

Native vs hybrid vs web mobile Application
Desktop and Mobile Testing Miroslav Shtilianov QA Engineer Automated Testing Team Telerik QA Academy

Desktop and Mobile Testing Miroslav Shtilianov QA Engineer Automated Testing Team Telerik QA Academy
 jQuery Mobile An Introduction. What is jQuery Mobile  A framework built on top of jQuery, used for creating mobile web applications  Designed to make.

 jQuery Mobile An Introduction. What is jQuery Mobile  A framework built on top of jQuery, used for creating mobile web applications  Designed to make.
Tivoli Software © 2010 IBM Corporation Maximo Everyplace 7.1.1 Lori Landesman.

Tivoli Software © 2010 IBM Corporation Maximo Everyplace Lori Landesman.
Mobile Application Development with ANDROID. Agenda Mobile Application Development (MAD) Intro to Android platform Platform architecture Application building.

Mobile Application Development with ANDROID. Agenda Mobile Application Development (MAD) Intro to Android platform Platform architecture Application building.
Suleyman YILDIRIM.  Overview  Browser support  Scalability  Performance  Demos  Added value to the project.

Suleyman YILDIRIM.  Overview  Browser support  Scalability  Performance  Demos  Added value to the project.
Web Site development By: Cesar Torres THE WIX. What is WIX? Wix.com is a website that provides an easy-to-use online platform where you can create and.

Web Site development By: Cesar Torres THE WIX. What is WIX? Wix.com is a website that provides an easy-to-use online platform where you can create and.
2010.11.22 資安新聞簡報 報告者:劉旭哲、曾家雄. Spam down, but malware up 報告者:劉旭哲.

資安新聞簡報 報告者:劉旭哲、曾家雄. Spam down, but malware up 報告者:劉旭哲.
Phish your victims in 5 quick steps. Phish yourself today In less than 5 minutes What is Phish5? Phish5 is a Security Awareness service With Phish5, a.

Phish your victims in 5 quick steps. Phish yourself today In less than 5 minutes What is Phish5? Phish5 is a Security Awareness service With Phish5, a.
Java Mobile Apps with GWT & PhoneGap Josh Marinacci, webOS Developer Advocate.

Java Mobile Apps with GWT & PhoneGap Josh Marinacci, webOS Developer Advocate.
Researchers turn USB cable into attack tool 報告人:劉旭哲.

Researchers turn USB cable into attack tool 報告人:劉旭哲.

Similar presentations

Ads by Google