Google has discovered that the installation file for Fortnite on Android contained a vulnerability that allowed installed apps to download unnoticed and install software. The vulnerability has now been repaired.
The error in the installation file was reported by a Google employee on his issue tracker about two weeks ago. On the forum you can see the correspondence between Google and Fortnite-maker Epic Games; this shows that the problem has now been resolved, and that an update has been implemented in the installer. Users who have version 2.10 of the installer on their device are protected against the vulnerability.
The error allowed any app already installed on the smartphone to download software in the background unnoticed. In addition, apps could be installed unnoticed, and they could also have all possible permissions. It is a so-called ‘man-in-the-disk’ attack, something that was recently shown during the Def Con security conference. The already installed app that installs software unnoticed must already have rights to write to external storage on the Android device.
This uses the external storage of Android to penetrate the sandbox of apps and for example to install a malicious app. Although the Android guidelines state that app developers must use this storage with the necessary security measures, this does not seem to have happened in the case of Fortnite.
What is custom ROM?
ROM is short for Read-Only Memory. It has many versions just like Windows OS does; no matter it is stock ROMs from companies, or custom ROM from third party. This new custom ROM can bring you the latest version of Android before your manufacturer. Anyhow, flashing a new ROM means installing a new operating system to your Android.
The new Android 6.0.1 Marshmallow comes with many new features :
- Mobile payments (Android Pay) feature.
- Better RAM Management.
- Fingerprint support.- A battery saver feature which extends device use by up to 90 mins.
- It has a faster, smoother and more powerful computing experience.
- Support for 64-bit SoCs using ARM, x86, and MIPS-based cores.
- OpenGL ES 3.1 and Android extension pack brings Android to the forefront of mobile graphics putting it on par with desktop and console class performance.
- Responsive, natural motion, realistic lighting and shadows, and familiar visual elements make it easier to navigate your device.
- More intelligent ranking of notifications based on who they’re from and the type of communication.
- See all your notifications in one place by tapping the top of the screen.
- New devices come with encryption automatically turned on to help protect data on lost or stolen devices.
- SELinux enforcing for all applications means even better protection against vulnerabilities and malware.
- State of the art video technology with support for HEVC main profile to allow for UHD 4K 10-bit video playback, tunneled hardware video decoding to save power and improved HLS support for streaming.
- and other cool features.
Note: If there is more than one download option, that likely means that you need to download and install the Bug Fix Update for your smartphone or tablet device before you can actually update to 6.0.1 Marshmallow.
Step 1:Before you go trying to update your device, you should check which version of Android you are running. You might already be on the latest version. It's easy to check so follow this guide up to step four. This screen will have a section called 'Android version'. If it doesn't, click 'Software information' to find out.
Step 2:Scroll down the Settings menu and click on 'About Phone' or 'About Tablet'. If you have a tabbed settings menu then this will appear in the 'general' section.
Refer to Android developer page to choose which version of Android your phone or tablet is running. I.e, 4.0.4 corresponds to Ice Cream Sandwich, an old version of Android that was released in 2013.
Step 3:Note: Your phone or tablet may require a Wi-Fi connection to search for an update. We suggest you to download the software Droid Over Wi-Fi because the file size can be large.
Choose and click the "Software Update" option. Next it will search available update for your phone or tablet. If update is available, you will be asked if you want to install it. Select "yes" and it will install the new operating system in your device. If you want to install it later, you can download the Android 6.0.1 Marshmallow file first. Download Android 6.0.1 Marshmallow.zip