Author: Mike Hearn 2015-01-28 17:45:10
Published on: 2015-01-28T17:45:10+00:00
The maker of BlackPhone has fixed a critical vulnerability which allowed hackers to run malicious code on the handsets. Attackers needed little more than a phone number to send a message that could compromise the devices via the Silent Text application. The flaw occurred during the deserialization of these JSON objects and was a type confusion vulnerability, which when exploited allowed an attacker to overwrite a pointer in memory. The C++/Java/Python protocol buffer implementations are used by Google for all internal inter-server communication. Any similar exploit in them would result in total bypass of their entire internal security and auditing system by allowing you to run code as any user. The vision for BIP70 has always been to be a foundation for many features.
Updated on: 2023-06-09T15:31:07.627612+00:00