Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Android App Developers at Risk of Attacks via ParseDroid Vulnerability


A vulnerability codenamed ParseDroid affects development tools used by Android app developers and allows attackers to steal files and execute malicious code on vulnerable machines.

Discovered by security researchers from Israeli firm Check Point, ParseDroid affects the XML parsing library included with projects such as APKTool, IntelliJ, Eclipse, and Android Studio.

Researchers discovered that this library does not disable external entity references when parsing an XML file, a classic XML External Entity (XXE) vulnerability that attackers can exploit with ease.

Attackers can steal files from PCs running vulnerable IDEs

"The vulnerability exposes the whole OS file system of [affected] users, and as a result, attackers could then potentially retrieve any file on the victim's PC by using a malicious AndroidManifest.xml file," researchers said.

All Android apps contain an AndroidManifest.xml file, which makes this the perfect place to hide malicious code.

Developers using...(continued)

View All Trending Stories