AndroidVulnerabilities.org

APK unsigned shorts

(json)

• CVE numbers: ANDROID-9695860 [citation-needed]
• Coordinated disclosure?: true
• Categories: signature
• Details: File offsets in zips are supposed to be unsigned but were interpreted as signed allowing different content to be verified from the content executed. [citation-needed]
• Discovered by: on: Unknown
• Reported on: 2013-07-10 [sina-shorts], 2013-07-10 [ard-police-shorts]
• Fixed on: 2013-07-03 [patch-unsigned-shorts]
• Fix released on: 2013-07-24 [verge-android-4.3]
• Affected versions: 1.6-4.2 [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-2].[0-9])
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 4.3_r1 [patch-unsigned-shorts]
• Submission: by: Daniel R. Thomas, on: 2013-09-04