A major vulnerability in the Android OS has been discovered by cybersecurity firm Check Point, but reportedly won’t be fixed until the next build, despite Google being aware of the issue.
Check Point says it found the source of the danger comes from the permission model ‘SYSTEM_ALERT_WINDOW,’ which was added in Android version 6.0.0 (“Marshmallow”).
SYSTEM_ALERT_WINDOW is said to be unique in its ability to “enable an app to display over any other app without notifying the user.” This can potentially lead to multiple sources of cyber attacks, including ransomware, banking malware and adware.
According to Check Point, nearly 45 percent of the applications using SYSTEM_ALERT_WINDOW are from the Google Play Store.
Check Point says Google will be fixing this flaw in the upcoming Android O version. In the meantime, Check Point suggests users avoid “fishy apps” by reading comments from other people and to use “a protective solution capable of identifying and blocking known and unknown malware.”
Microsoft users should also be aware of an issue with Windows Defender that led to devices becoming vulnerable to ransomware.
Source: Check Point
Via: Phone Arena