Android 1.6 Donut up to and including 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows malicious users to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
google android 2.3.3 |
||
google android 2.3.4 |
||
google android 4.0 |
||
google android 4.1.2 |
||
google android 4.0.4 |
||
google android 4.0.3 |
||
google android 4.0.2 |
||
google android 4.2 |
||
google android 4.0.1 |
||
google android 2.3 |
||
google android 2.2.2 |
||
google android 1.6 |
||
google android 2.1 |
||
google android 3.1 |
||
google android 2.3.2 |
||
google android 3.2.2 |
||
google android 3.2.1 |
||
google android 2.2.1 |
||
google android 2.3.5 |
||
google android 2.2 |
||
google android 2.3.6 |
||
google android 3.0 |
||
google android 2.3.7 |
||
google android 4.1 |
||
google android 3.2.4 |
||
google android 3.2 |
||
google android 2.2.3 |
||
google android 2.3.1 |
||
google android 2.0 |
||
google android 2.0.1 |
||
google android 3.2.6 |
Vulmon