Critical Vulnerability in Android Phone Let Hackers Execute an Arbitrary Code Remotely


Android vulnerability

Researchers discovered a new Critical Android vulnerability that may allow attackers to perform remote code execution on a vulnerable Android device and to take control of it.

The vulnerability resides in the way Android handing the proxy auto-config (PAC), a file that defines how web browsers and other user agents can automatically choose the appropriate proxy server.

In this case, Android uses a library called libpac. In order to parse the Javascript, libpac using the V8 JS engine which is the main attack surface and the version of V8 is vulnerable to recent exploit and leads to crash the PacProcessor service.

Read more…