CVE-2013-4787
First published: Tue Jul 09 2013(Updated: )
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | =1.6 | |
| Google Android | =2.0 | |
| Google Android | =2.0.1 | |
| Google Android | =2.1 | |
| Google Android | =2.2 | |
| Google Android | =2.2-rev1 | |
| Google Android | =2.2.1 | |
| Google Android | =2.2.2 | |
| Google Android | =2.2.3 | |
| Google Android | =2.3 | |
| Google Android | =2.3-rev1 | |
| Google Android | =2.3.1 | |
| Google Android | =2.3.2 | |
| Google Android | =2.3.3 | |
| Google Android | =2.3.4 | |
| Google Android | =2.3.5 | |
| Google Android | =2.3.6 | |
| Google Android | =2.3.7 | |
| Google Android | =3.0 | |
| Google Android | =3.1 | |
| Google Android | =3.2 | |
| Google Android | =3.2.1 | |
| Google Android | =3.2.2 | |
| Google Android | =3.2.4 | |
| Google Android | =3.2.6 | |
| Google Android | =4.0 | |
| Google Android | =4.0.1 | |
| Google Android | =4.0.2 | |
| Google Android | =4.0.3 | |
| Google Android | =4.0.4 | |
| Google Android | =4.1 | |
| Google Android | =4.1.2 | |
| Google Android | =4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/
- http://review.cyanogenmod.org/#/c/45251/
- http://www.osvdb.org/94773
- http://www.securityfocus.com/bid/60952
- http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782/
- https://jira.cyanogenmod.org/browse/CYAN-1602
- https://plus.google.com/113331808607528811927/posts/GxDA6111vYy
Frequently Asked Questions
What is the severity of CVE-2013-4787?
CVE-2013-4787 is considered a high severity vulnerability as it allows attackers to execute arbitrary code on affected Android devices.
How do I fix CVE-2013-4787?
To mitigate CVE-2013-4787, it is recommended to upgrade to a version of Android that is not affected, specifically beyond 4.2.
Which versions of Android are affected by CVE-2013-4787?
CVE-2013-4787 affects Android versions from 1.6 Donut to 4.2 Jelly Bean.
What type of attack does CVE-2013-4787 enable?
CVE-2013-4787 enables attackers to modify APKs in such a way that they can bypass cryptographic signature checks, potentially leading to code execution.
Is there a patch available for CVE-2013-4787?
There is no specific patch for CVE-2013-4787; updating to a newer, unaffected Android version is the recommended approach.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/google
- canonical/google android
- version/google android/1.6
- version/google android/2.0
- version/google android/2.0.1
- version/google android/2.1
- version/google android/2.2
- version/google android/2.2-rev1
- version/google android/2.2.1
- version/google android/2.2.2
- version/google android/2.2.3
- version/google android/2.3
- version/google android/2.3-rev1
- version/google android/2.3.1
- version/google android/2.3.2
- version/google android/2.3.3
- version/google android/2.3.4
- version/google android/2.3.5
- version/google android/2.3.6
- version/google android/2.3.7
- version/google android/3.0
- version/google android/3.1
- version/google android/3.2
- version/google android/3.2.1
- version/google android/3.2.2
- version/google android/3.2.4
- version/google android/3.2.6
- version/google android/4.0
- version/google android/4.0.1
- version/google android/4.0.2
- version/google android/4.0.3
- version/google android/4.0.4
- version/google android/4.1
- version/google android/4.1.2
- version/google android/4.2