Weekly Summary : Android tel URi and Malaysia Grey Cloud
What a busy week so here is my late update.
You might have heard about remote USSD attack has been discussed last week. This ‘vulnerability’ exist due to improper handling of “tel:” URi in Android. It affects many phones and according to this entry, it has been verified on not only Samsung Galaxy S3, but also on an HTC One X (running HTC Sense 4.0 on Android 4.0.3) and a Motorola Defy (running Cyanogen Mod 7 on Android 2.3.5). Patch has been released to address this issue and Android 4.1 has been verified not vulnerable to this vulnerability. Alternatively, users can use TelStop or Auto-Reset Blocker to prevent tel URi to be executed without user prompt.
A little update from Malaysia landscape. Exabytes has announced that their cloud server has been compromised and some virtual machines and data have been deleted. Official announcement can be found here.
Thats all.. Stay safe