(via Critical app flaw bypasses screen lock on up to 100 million Android phones | Ars Technica)
A critical flaw in an Android app downloaded as many as 100 million times allows attackers to take full control of handsets even when they’re protected by screen locks.
The vulnerability in the Skype rival known as Viber affects Android smartphone brands such as Samsung, Sony, and HTC, according to a blog post published Tuesday by Bkav Internet Security. Although attack techniques differ from model to model, they all exploit programming logic in the way Viber handles popup messages, researchers with the company wrote.
A spokesman for Viber Media, maker of the affected app, said company officials learned of the vulnerability on Wednesday and plan to release a fix next week.
“In the meantime, anyone concerned about this issue can resolve it by disabling Pop-up Notifications in the Android version of Viber,” Viber said in a statement issued to Ars. “This can be done by going to Viber Settings and choosing to disable—‘New Message Pop-Up…’”