APK duplicate file

CVE numbers: ANDROID-8219321 [citation-needed], CVE-2013-4787 [citation-needed]
Coordinated disclosure?: true
Categories: signature
Details: Android does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature. Android security bug 8219321. [citation-needed]
Discovered by: Jeff Forristal of Bluebox security [bluebox-master-key][archived] on: 2013-02-18 [bluebox-master-key][archived]
Reported on: 2013-07-03 [bluebox-master-key][archived]
Fixed on: 2013-02-18 [patch-apk-dup-file]
Fix released on: 2013-07-24 [verge-android-4.3]
Affected versions: 1.6-4.2 [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-2].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.3_r0.9 [patch-apk-dup-file]
Submission: by: Daniel R. Thomas, on: 2013-09-02

AndroidVulnerabilities.org