Research from Check Point has discovered several vulnerabilities in downloadable and cloud-based Android development tools which all Java/Android programmers use to build their companies business applications. Even security analysts and reverse-engineers use some of the affected softwares to conduct their work.
The vulnerabilities were found to affect the most common Android IDEs including Google’s own Android Studio, JetBrains’ IntelliJ IDEA, and Eclipse. Popular reverse-engineering tools for Android that were affected include APKTool, the Cuckoo-Droid service, and others.
Check Point notes how WikiLeaks leaked information as part of its ‘Vault 7’ release on how the CIA and NSA exploited vulnerabilities
Since discovering the vulnerabilities, Check Point informed the affected software makers of the problems. Google and JetBrains have verified and acknowledged the security issues and have since “effectively deployed a fix.”
The full technical analysis can be found here.
