WELCOME TO EHOST.COM.NP

Monday, July 31, 2017

Apktool Receives an Update to 2.2.4, Includes Security Fixes and More


Apktool is a very popular piece of software among some of the more dedicated Android enthusiasts. The software has made headlines time and time again, most recently in June when Connor Tumbleson was able to receive sponsorship for the project thanks to Sourcetoad. Today, he has announced a new update which brings its version up to 2.2.4 and comes with some important security patches along with a few slowdown fixes when decoding applications.

In case you’re unaware, Apktool is a piece of software that has been written in Java which mainly allows you to disassemble/reverse engineer 3rd party Android applications. Granted, it also does a lot of other things as well, but most people know it for its reverse engineering capabilities. Mr. Tumbleson has just pushed out a big update over the weekend that is likely to make a lot of people happy with the specific fixes that it comes with.

As mentioned, version 2.2.4 comes with some important security fixes. These issues were disclosed responsibly by Chris Shepherd (IBM Security) and by Eran Vaknin, Gal Elbaz and Alon Boxiner (Check Point), so that Apktool could be patched before things got out of hand. If you’d like to read into these vulnerabilities in more detail, then you can read more about them here. To summarize, this update patched an XXE attack (more formally known as an XML eXternal Entity attack), an XXE OOB attack (the XML eXternal Entity Out-Of-Band attack) and an Apktool path traversal exploit.
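The two defensive checks that address these bug classes, shown as an added example in Java (Apktool's language); this is not Apktool's own patch code. The class, helper names, output directory and sample inputs are hypothetical and constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;
public class SafeDecode {
    // Hypothetical helper: a parser that refuses any DOCTYPE, so no entity (in-band or out-of-band) is resolved.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Hypothetical helper: resolve an archive entry under outDir and reject names that escape it.
    static File resolveInside(File outDir, String entryName) throws IOException {
        File base = outDir.getCanonicalFile();
        File target = new File(base, entryName).getCanonicalFile();
        if (!target.toPath().startsWith(base.toPath())) {
            throw new IOException("entry escapes output directory: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample manifest (not from a real APK); the entity target is a placeholder.
        String manifest = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE manifest [<!ENTITY x SYSTEM \"file:///constructed/placeholder\">]>\n"
            + "<manifest package=\"com.example.constructed\">&x;</manifest>";
        try {
            hardenedFactory().newDocumentBuilder()
                .parse(new ByteArrayInputStream(manifest.getBytes(StandardCharsets.UTF_8)));
            System.out.println("manifest parsed");
        } catch (SAXException e) {
            System.out.println("manifest rejected: " + e.getMessage());
        }
        // Constructed entry names: one benign, one that climbs out of the output directory.
        File out = new File("decoded-out");
        for (String name : new String[] {"unknown/assets/data.bin", "unknown/../../outside.txt"}) {
            try {
                System.out.println("ok: " + resolveInside(out, name));
            } catch (IOException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```

Rejecting the DOCTYPE outright covers both the in-band and out-of-band XXE variants, because the parser stops before any entity declaration is processed.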

There were also some reports of Apktool slowing down when it was used to decode an Android application. There were a number of instances in which this happened and a few of them have been fixed in this update. If you use Apktool in any public-facing environment, it is highly advised that you update the software immediately. If you’re using it in your own personal environment, though, the security patches are less important and you can update at your own leisure.

Apktool v2.2.4 Changelog

  • [#1520] – Android O Final Dev Preview Support
  • [#591] – SnakeYAML 1.1.8 (Android Support)
  • [#1489] – Fix issue with APKs taking longer than usual to parse resources. (Thanks MarcMil)
  • [#1543] – Fix issue with internal binaries not accessible in a Spring boot environment. (Thanks bingqiao)
  • [#1520] – Fix issues with rebuilding applications originally built with aapt2.
  • [#1532] – Patch aapt to support the $ character in resource filenames.
  • [#1561] – Fix issue where apktool was holding locks onto files during execution. (Thanks MarcMil)
  • [#1534] – Fix issue with APKs that last resource in pool is INVALID_TYPE_CONFIG.
  • [#1564] – Fix issue with APKs that are including malformed characters to break parser.
  • Only exit with 0 error code during version commands.
  • Enforce license header on all source files.
  • [Security] Prevent malicious directory traversal with unknown files.
  • [Security] Prevent XXE vulnerability when given a malicious AndroidManifest.xml
  • Upgrade to gradle 4.0.
Source: Connor Tumbleson
