CVE-2013-4787
Google Android - 'APK' code Remote Security Bypass
Public Exploits: 1
Exploited in Wild: -
Descriptions
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2013-07-03 First Exploit
- 2013-07-09 CVE Reserved
- 2013-07-09 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key | X_refsource_misc | |
http://review.cyanogenmod.org/#/c/45251 | X_refsource_misc | |
http://www.osvdb.org/94773 | Vdb Entry | |
http://www.securityfocus.com/bid/60952 | Vdb Entry | |
http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782 | X_refsource_misc | |
https://jira.cyanogenmod.org/browse/CYAN-1602 | X_refsource_misc | |
https://plus.google.com/113331808607528811927/posts/GxDA6111vYy | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38627 | 2013-07-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Google | Android | 1.6 | - | Affected |
Google | Android | 2.0 | - | Affected |
Google | Android | 2.0.1 | - | Affected |
Google | Android | 2.1 | - | Affected |
Google | Android | 2.2 | - | Affected |
Google | Android | 2.2 | rev1 | Affected |
Google | Android | 2.2.1 | - | Affected |
Google | Android | 2.2.2 | - | Affected |
Google | Android | 2.2.3 | - | Affected |
Google | Android | 2.3 | - | Affected |
Google | Android | 2.3 | rev1 | Affected |
Google | Android | 2.3.1 | - | Affected |
Google | Android | 2.3.2 | - | Affected |
Google | Android | 2.3.3 | - | Affected |
Google | Android | 2.3.4 | - | Affected |
Google | Android | 2.3.5 | - | Affected |
Google | Android | 2.3.6 | - | Affected |
Google | Android | 2.3.7 | - | Affected |
Google | Android | 3.0 | - | Affected |
Google | Android | 3.1 | - | Affected |
Google | Android | 3.2 | - | Affected |
Google | Android | 3.2.1 | - | Affected |
Google | Android | 3.2.2 | - | Affected |
Google | Android | 3.2.4 | - | Affected |
Google | Android | 3.2.6 | - | Affected |
Google | Android | 4.0 | - | Affected |
Google | Android | 4.0.1 | - | Affected |
Google | Android | 4.0.2 | - | Affected |
Google | Android | 4.0.3 | - | Affected |
Google | Android | 4.0.4 | - | Affected |
Google | Android | 4.1 | - | Affected |
Google | Android | 4.1.2 | - | Affected |
Google | Android | 4.2 | - | Affected |