The first flaw allows attackers to install applications on the victim's smartphone without asking for permission or notifying the user. This flaw is considered as "permission escalation vulnerability," it affects all Android handsets regardless of the OS version.
The second bug known as teamjoch, makes it possible for installed apps with limited privileges to gain full control over the device. This one affects some of the Android devices, among which is the Samsung Nexus S model.
In a blog post by Jon Oberheide, he wrote, "The two Android vulnerabilities, which have been reported to Google but not yet patched."
Two vulnerabilities as reported were
- A permission escalation allowing the installation of applications with arbitrary permissions without user approval.
- A privilege escalation targeting Android's Linux kernel that allows an unprivileged application to gain root access.
The post also shares a video about the exploits
Earlier in August, CA researcher Dinesh Venkatesan revealed information about an Android trojan that was reportedly capable of recording conversation.