Los puntos clave no están disponibles para este artículo en este momento.
Abstract—Component hijacking is a class of vulnerabilities commonly appearing in Android applications. When these vul-nerabilities are triggered by attackers, the vulnerable apps can exfiltrate sensitive information and compromise the data integrity on Android devices, on behalf of the attackers. It is often unrealis-tic to purely rely on developers to fix these vulnerabilities for two reasons: 1) it is a time-consuming process for the developers to confirm each vulnerability and release a patch for it; and 2) the developers may not be experienced enough to properly fix the problem. In this paper, we propose a technique for automatic patch generation. Given a vulnerable Android app (without source code) and a discovered component hijacking vulnerability, we automatically generate a patch to disable this vulnerability. We have implemented a prototype called AppSealer and evaluated its efficacy on apps with component hijacking vulnerabilities. Our evaluation on 16 real-world vulnerable Android apps demon-strates that the generated patches can effectively track and mitigate component hijacking vulnerabilities. Moreover, after going through a series of optimizations, the patch code only represents a small portion (15.9 % on average) of the entire program. The runtime overhead introduced by AppSealer is also minimal, merely 2 % on average. I.
Zhang et al. (Wed,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: