Security researchers said they have uncovered bugs in Google’s Android operating system that could allow malicious apps to send vulnerable devices into a spiral of endlessly looping crashes and possibly delete all data stored on them.
Apps that exploit the denial-of-service vulnerability work on Android versions 2.3, 4.2.2, 4.3, and possibly many other releases of the operating system, researcher Ibrahim Balic wrote in a blog post. Attackers could exploit the underlying memory corruption bug by hiding attack code in an otherwise useful or legitimate app that is programmed to be triggered only after it is installed on a vulnerable handset. By filling the Android “appname” field with an extremely long value exceeding 387,000 characters, the app can cause the device to go into an endless series of crashes.
Source: Ars Technica