Earlier this month, Bluebox unveiled a major security exploit in Android that allowed the hacker to directly modify the contents of an APK without any intervention from the user. The vulnerability, apparently, affected nearly 99% of Android devices out there.
While Google and other popular ROM makers quickly patched the exploit, none of the OEMs have rolled out an update for their Android devices that actually fixes the exploit.
Now, Saurik, the developer behind Cydia Jailbreak for iOS and Substrate for Android, has released an in-depth write-up about the bug #8219321. His incredibly detailed write-up not only explains how the exploit works in details, but also provide a fix. If you are a developer or a hacker, this should make for a very interesting read.
Regarding the ‘Master Key’ exploit – The exploit has been hyped by the media. While the exploit has a lot of theoretical implications, there are no known malware floating around on the Internet that make use of it.