How a few legitimate app developers threaten the entire Android userbase (Ars Technica)

Posted Oct 19, 2015 4:11 UTC (Mon) by zblaxell (subscriber, #26385)
In reply to: How a few legitimate app developers threaten the entire Android userbase (Ars Technica) by dlang
Parent article: How a few legitimate app developers threaten the entire Android userbase (Ars Technica)

TFA mentioned original exploits not seen before their inclusion in the tools. That implies that at least one exploit exists today that wouldn't have existed otherwise (or would at least be used more discreetly if it did exist).

How a few legitimate app developers threaten the entire Android userbase (Ars Technica)

Posted Oct 19, 2015 5:18 UTC (Mon) by dlang (guest, #313) [Link] (1 responses)

not seen before by whom? Do the authors of the collection even claim that they developed all the exploits? I doubt it.

I always question people who claim that any collection of exploits contains a bunch of new exploits never seen before.

How a few legitimate app developers threaten the entire Android userbase (Ars Technica)

Posted Oct 19, 2015 6:44 UTC (Mon) by zblaxell (subscriber, #26385) [Link]

There is significant value even in the mere collection, maintenance, and testing of the exploits. Black hats can focus their time and effort on their malicious payloads instead of building their own delivery vehicles.

That's still a net advantage for black hats even if the total number of theoretically available vulnerabilities remains constant.