Janus Vulnerability in Android (CVE-2017-13156)
A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named it the Janus vulnerability, after the Roman god of duality.

Why do we call it the Janus vulnerability?

The Janus vulnerability stems from the possibility of adding extra bytes to APK files and to DEX files. On…
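A defender-side check for the dual-format condition described above, as an added example that is not part of the original article: it flags a buffer that both opens as a ZIP archive and begins with a DEX header. The function names and sample bytes are constructed for illustration, and the sample prefix is a stand-in, not a working DEX file.

```python
import io
import zipfile

def build_sample_zip() -> bytes:
    """Constructed stand-in for an APK: a tiny ZIP with placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"placeholder, not real bytecode")
    return buf.getvalue()

def has_dex_magic(data: bytes) -> bool:
    """A DEX header starts with 'dex\\n', three ASCII version digits, then NUL."""
    return (len(data) >= 8 and data[:4] == b"dex\n"
            and data[4:7].isdigit() and data[7] == 0)

def inspect_apk(data: bytes) -> dict:
    """Flag a buffer that parses as a ZIP archive and is also DEX-prefixed."""
    report = {"dex_magic": has_dex_magic(data), "zip_ok": False,
              "bytes_before_first_entry": None, "dual_format": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # header_offset is the absolute position of each local file header;
            # zipfile already corrects it when data was prepended to the archive.
            offsets = [info.header_offset for info in zf.infolist()]
    except zipfile.BadZipFile:
        return report
    report["zip_ok"] = True
    report["bytes_before_first_entry"] = min(offsets) if offsets else 0
    # ZIP readers work from the end of the file, DEX readers from the start,
    # so both views can succeed on one file. A normal APK has neither symptom.
    report["dual_format"] = (report["dex_magic"]
                             and report["bytes_before_first_entry"] > 0)
    return report

if __name__ == "__main__":
    clean = build_sample_zip()
    # Constructed sample: DEX-style magic plus padding ahead of the archive.
    prefixed = b"dex\n035\x00" + b"\x00" * 104 + clean
    for name, blob in (("clean", clean), ("prefixed", prefixed)):
        print(name, inspect_apk(blob))
```

A hit on `dual_format` is a triage signal for a scanner or store-ingestion pipeline, not proof of tampering on its own.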