Threat:
Based on recent Meltdown / Spectre threats, vulnerabilities in the CPU of a mobile device may permit a malicious application with escalated privileges to read the memory of running processes, allowing an attacker to obtain cryptographic keys and other secrets that are unencrypted in memory.
Mobile app developers should not assume secrets in memory are free from unauthorized access by an attacker, and should explicitly overwrite memory locations (usually referenced by variables) with random data as soon as any given secret is no longer in-use.
New Threat
Threat Category: STA
Threat: Based on recent Meltdown / Spectre threats, vulnerabilities in the CPU of a mobile device may permit a malicious application with escalated privileges to read the memory of running processes, allowing an attacker to obtain cryptographic keys and other secrets that are unencrypted in memory.
Threat Origin:
Exploit Example:
CVE Example:
Possible Countermeasures:
References: