[guardian-dev] vuln: malicious Android apps can bypass active VPN configuration

ShootAKite at riseup.net ShootAKite at riseup.net
Sat Jan 18 15:29:14 EST 2014


I don't have the proof of concept for the exploit so I'm speculating...
The fix to be a verification of the 3rd party UID for onBind() within
BIND_VPN_SERVICE before returning the IBinder
http://developer.android.com/reference/android/net/VpnService.html
http://developer.android.com/reference/android/net/VpnService.Builder.html
A



More information about the Guardian-dev mailing list