There is a small bug in the signature verification of OTA packages in the Android Open Source Framework.
Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be.
Jérémy Jourdois explains it here:
https://blog.quarkslab.com/aosp_ota_signature_bug.html
Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be.
Jérémy Jourdois explains it here:
https://blog.quarkslab.com/aosp_ota_signature_bug.html
Comments