Researchers from Indiana University have discovered a vulnerability in the way Android handles updates. Android update process puts devices at risk of malware Infection. The vulnerabilities capable to carry out privilege escalation attacks because of the weakness in its Package Management Service (PMS) that puts more than one billion Android devices at risk. As the paper states:
“A distinctive and interesting feature of such an attack is that it is not aimed at a vulnerability in the current system. Instead, it exploits the ﬂaws in the updating mechanism of the “future” OS, which the current system will be upgraded to.”
The researchers discovered six flaws in the Android Package Manager, all of which have been reported to Google.