Earlier this month, we discussed the discovery of the Master Key Vulnerability that allows attackers to inject malicious code into legitimate Android applications without in-validating the Digital Signature. We expected the vulnerability to be leveraged quickly due to ease of exploitation, and it has.
- Blog: First Malicious Use of "Master Key" Android Vulnerability Discovered