Android exploit injects pop-ups, ruins apps; $677m settlement in price-fixing case; Intel buys Altera for $21bn

A newly identified vulnerability in an Android app framework allows malicious attackers to inject pop-ups or crash affected apps.

The vulnerability occurs in the Apache Cordova app framework and was identified by researchers from security vendor Trend Micro.

In a post on the Trend Micro blog, the researchers labelled the vulnerability as “high-severity” and said it affects all versions of Apache Cordova up to 4.0.1.

The researchers said that the “majority of Cordova-based apps … are prone to exploits”, and that Cordova-based apps account for 5.6% of all apps on Google Play.

“We believe this vulnerability is highly exploitable because the conditions that need to be met for a successful exploit are common developer practices,” the blog post read.

By exploiting the vulnerability, an attacker can, among other things:

• Tamper with an app’s appearance
• Inject pop-ups
• Inject splash screens
• Crash an app

“We suggest Android app developers upgrade their Cordova framework to the latest version (version 4.0.2) and rebuild to a new release. This will prevent apps from being modified by attackers targeting this vulnerability,” the blog post read.

Apache has released an official bulletin regarding the vulnerability.

“A major Security issue [was] discovered in the Android platform of Cordova. We are releasing version 4.0.2 of Cordova Android to address these security issues. We recommend that all Android applications built using Cordova 4.0.x or higher be upgraded to use version 4.0.2 of Cordova Android,” the Apache bulletin read.

“If you are using an older version of Cordova, we have also released 3.7.2 with the same fix, and we recommend that you upgrade your project to either of these fixed versions. Other Cordova platforms such as iOS are unaffected, and do not have an update,” it went on.

Vendors pay $677 million in price-fixing case

Five tech vendors will pay a total of US$528 million (about AU$677 million) to settle a class action lawsuit that alleged price fixing in the cathode ray tube (CRT) market, according to Reuters.

The companies are Samsung SDI Co Ltd, Koninklijke Philips, Panasonic Corp, Hitachi Ltd and Toshiba Corp.

Samsung agreed to pay US$225 million (about AU$289 million) while Philips agreed to pay $175 million (about AU$225 million).

Reuters explained that in 2007 and 2008, consumers who had bought TVs and computer monitors sued several companies over an alleged international conspiracy to fix the prices of CRTs.

Intel buys Altera for $21 billion

Intel will buy tech company Altera in an all-cash transaction valued at approximately US$16.7 billion (about AU$21 billion), under a definitive agreement announced earlier this week.

Altera will become an Intel business unit as part of the deal. Intel said it “plans to continue support and development for Altera's ARM-based and power management product lines”.

The acquisition is expected to close within six to nine months, according to Intel.

Intel CEO Brian Krzanich said: “With this acquisition, we will harness the power of Moore’s Law to make the next generation of solutions not just better, but able to do more. Whether to enable new growth in the network, large cloud data centres or IoT segments, our customers expect better performance at lower costs. This is the promise of Moore’s Law and it’s the innovation enabled by Intel and Altera joining forces.”

John Daane, president, CEO and chairman of Altera, said: “We believe that as part of Intel we will be able to develop innovative FPGAs and system-on-chips for our customers in all market segments.”

The purchase has been unanimously approved by the boards of both Intel and Altera and is subject to regulatory approvals and customary closing conditions - including the approval of Altera’s stockholders.

Image courtesy Nick Allen under CC