Security News > 2016 > August > Attackers can hijack unencrypted web traffic of 80% of Android users (Help Net Security)
2016-08-16 16:47
The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM position also affects some 1.4 billion Android devices, Lookout researchers have warned. “We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9% of the Android ecosystem,” they noted. This fact should not … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/aqW7jwG1nL0/
Related news
- Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- WinRAR flaw bypasses Windows Mark of the Web security alerts (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-06 | CVE-2016-5696 | Information Exposure vulnerability in multiple products net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. | 4.8 |