Unauthorized Cross-App Resource Access on Mac OS X and iOS

This paper is to appear at the 22nd ACM Conference on Computer and Communications Security 2015 (CCS), authored by Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-min Hu, Xinhui Han.

XARA Vulnerabilities on Mac OS X and iOS

On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs.…

Read More

Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating

Pileup Vulnerabilities in OS Updating

People tend to believe that an OS upgrade makes their mobile devices much securer and more reliable, because the new OS version presumably fixes security loopholes and enhances the system’s security protection. However, our recent study on the current Android upgrade mechanism brings to light a whole new set of vulnerabilities pervasively existing in almost all Android versions, which allow a seemingly harmless malicious app (“unprivileged app” in the security term) running on a version of Android to automatically acquire significant capabilities without users’ consent once they upgrade to newer versions!

Read More