"For the installation of malicious software, the user only needs to confirm that the software is allowed to read and write user data. According to the scientists this is also standard practice with trusted applications and doesn't, therefore, raise any suspicion ."
One upside: users could also use the security flaw to "replace the logos and ring tones installed for "branding" purposes."
Via Heise Security, who also noted that "It is still unclear whether the hole is located in the operating system itself or in the Java VM. The scientists didn't want to release any details to allow Sony Ericsson to fix the vulnerability. No statement has so far been received from the vendor."
Attacks on mobile phones are very rare, but still, if you have an affected phone, best not to install any software except from a site you absolutely trust in case it could be malware exploiting this hole. And hope that Sony Ericsson fix the vulnerability.
Tags:
2 comments:
Thanks! I do own a Sony Ericsson w810i...
Thanks for letting me know Tonnet.
I suspect Sony Ericsson won't be prioritising a fix, but I think you're pretty careful anyway about where you download from, aren't you?
Post a Comment
Comments are moderated for spam so may not appear immediately. No need to re-post.
I'm exceptionally busy at the moment so please be patient (or chase!) if I don't reply for a while. If you need help on Blogger you're much better off posting to the Blogger Help Group.
If you're not on Blogger please click "Other" & give a nickname (you can leave out Website). Or you'll just be "Dear Anon" when I reply.