Vigil@nce - Android Kaspersky Internet Security: two vulnerabilities
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Android Kaspersky
Internet Security.
Impacted products: Android Applications not comprehensive.
Severity: 2/4.
Creation date: 10/06/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Android Kaspersky
Internet Security.
An attacker can intercept unprotected or wrongly protected network
communications, notably WiFi ones, for instance to corrupt ou
remove signature databases. Typically TLS is not used or the
server authentication is incomplete (incomplete certificate
validation for instance). [severity:2/4]
An attacker can submit a zip archive including path with "../", in
order to overwrite any file. [severity:2/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Android-Kaspersky-Internet-Security-two-vulnerabilities-19868