We’ve been expecting an iOS7 jailbreak tool for some time. After all, researchers have been working towards this for the past few months, and the rumor mill was working overtime. Timing its release on 22nd of December, evasi0n7 JB was one holiday gift we weren’t excited about.
A relatively new commercial mobile bot, Hands of Thief (HoT) for Android, which targets users of online banking has been circulating the underground forums for the past three months. As its owner claims, this bot variant is “better than Perkele” – the notorious Android malware kit used to bypass multi-factor authentication.
Were we to pick the most notorious 2013 Android vulnerability – the dubious award would undoubtedly go to CVE-2013-6282. A privilege escalation flaw released in October and affects all Android versions 4.0-4.3.
What makes this vulnerability so abysmal?