What's New
About ConscryptChecker Android App
This app verifies if your device is still vulnerable to CVE-2015-3825 / CVE-2015-3837 aka "One Class to Rule Them All", by checking if it contains the vulnerable conscrypt's OpenSSLX509Certificate class. A patch was released in August 2015 by Google.
CVE-2015-3825 / CVE-2015-3837 is a code execution vulnerability discovered by Or Peles & Roee Hay, which allows for malware to takeover your device. It's due to a deserialization vulnerability in the OpenSSLX509Certificate class. The vulnerability was first published in USENIX WOOT '15: https://www.usenix.org/conference/woot15/workshop-program/presentation/peles.
A video demo of successful exploitation of this vulnerability is available here:
https://www.youtube.com/watch?v=VekzwVdwqIY
It will also be presented in RSA Conference 2016: https://www.rsaconference.com/events/us16/agenda/sessions/2455/android-serialization-vulnerabilities-revisited
Other Information:
Download
This version of ConscryptChecker Android App comes with one universal variant which will work on all the Android devices.
All Versions
If you are looking to download other versions of ConscryptChecker Android App, We have 1 version in our database. Please select one of them below to download.
