ParseDroid vulnerabilities threatened most Android development tools
A collection of vulnerabilities known as ParseDroid put users of popular Android development tools at risk.
Research from Check Point has discovered several vulnerabilities in downloadable and cloud-based Android development tools which all Java/Android programmers use to build their companies business applications. Even security analysts and reverse-engineers use some of the affected softwares to conduct their work.
The vulnerabilities were found to affect the most common Android IDEs including Google’s own Android Studio, JetBrains’ IntelliJ IDEA, and Eclipse. Popular reverse-engineering tools for Android that were affected include APKTool, the Cuckoo-Droid service, and others.
Check Point notes how WikiLeaks leaked information as part of its ‘Vault 7’ release on how the CIA and NSA exploited vulnerabilities in the likes of CCleaner, Notepad++, and more to spread malware and acquire information on companies and their users.
This video demonstrates how the vulnerabilities could be used to attack the Android developer community:
Since discovering the vulnerabilities, Check Point informed the affected software makers of the problems. Google and JetBrains have verified and acknowledged the security issues and have since “effectively deployed a fix.”
The full technical analysis can be found here.
Are you concerned by Check Point’s findings? Let us know in the comments.
- » Huawei founder provides more details about HongMeng OS
- » Progress releases NativeScript 6.0 framework to speed up cross-platform development
- » Google is free to supply Huawei with Android once more
- » Samsung releases a blockchain SDK for smartphone dApps
- » Intel launches new C++-based language as part of One API plans