According to Core Security Technologies, Google’s Android SDK faces multiple remotely exploitable vulnerabilities. Core Security issued an advisory, indicating heap and interflow overflow issues with Android, and reserved eight CVE identifiers. They’ve also outlined a proof of concept exploit, including technical descriptions.
According to Core Security:
“Exploitation of these vulnerabilities to yield complete control of a phone running the Android platform has been proved possible using the emulator included in the SDK, which emulates phone running the Android platform on an ARM microprocessor.”
Fortunately, the Android SDK is still in early stages, and continues to be a work in progress. It has not yet hit the consumer mobile phone market, so it’s a good thing that these sorts of issues are discovered now and that Google has the opportunity to fix them.