Android Developments were affected by ParseDroid Vulnerability
Text to Speech Voices
A few days ago, researchers at Check Point discovered a vulnerability codenamed ParseDroid affects development tools used by Android developers and allows attackers to steal files and execute malicious code on vulnerable computers.
Security researchers at Check Point have found that ParseDroid affects XML parsing libraries contained in projects like APKTool, IntelliJ, Eclipse and Android Studio. The researcher found that when parsing an XML file, the library did not disable external entity references, a typical XML External Entity Injection (XXE) vulnerability that an attacker could easily exploit.
An attacker could steal files from a PC running a vulnerable IDE
The researcher said the vulnerability exposes the entire system’s file system to affected users, so an attacker could potentially retrieve any file on the victim’s PC by using a malicious AndroidManifest.xml file. We know that all Android apps include an AndroidManifest.xml file, making it an ideal place to hide malicious code.
Developers using development tools such as APKTool, IntelliJ, Eclipse, or Android Studio Open an app that contains malicious AndroidManifest.xml files that can easily be stolen by attackers.
Check Point said it has notified the development team of all affected products that the team has also released an update that fixes the ParseDroid vulnerability. Android developers and security researchers who use these tools to compile or decompile the APK for Android APKs should update their IDE.
In addition, APKTool is also vulnerable to the second vulnerability. The vulnerability allows an attacker to execute the code required by an attacker on a vulnerable system, allowing attackers to scale data from stealing to implementing more complex things like more sophisticated malware being embedded on a specific target computer.
ParseDroid attack is easy to perform
It’s easy for developers to attack with ParseDroid because malicious XML code can be hidden in many other places, not just the AndroidManifest.xml file. For example, malicious code can also be hidden in an AAR (Android Archive Library) file.
[adsense size='1' ]
In addition, attackers host malicious code into app modules and libraries disguised as open source and place it on GitHub, making it easy to influence thousands of users without having to dedicate too many resources to ParseDroid attacks.
ParseDroid is a cross-platform bug where attackers can attack developers using any operating system. Moreover, this attack is a silent process, and users do not notice that hackers are stealing sensitive files from their system. Be aware that many developers work for companies, some of which are hacked systems that may contain closed source code, intellectual property or trade secrets.
Of course, ordinary app users do not have to worry about the ParseDroid vulnerability affecting you.
Source: BleepingComputer
Gloss