OpenSSLX509CertificateChecker 1.0.12 [free]

Report a new version

Description

This app verifies if your device is still vulnerable to CVE-2015-3825 / CVE-2015-3837 aka "One Class to Rule Them All", by checking if it contains the vulnerable conscrypt's OpenSSLX509Certificate class. A patch was released in August 2015 by Google. CVE-2015-3825 / CVE-2015-3837 is a code execution vulnerability discovered by Or Peles & Roee Hay, which allows for malware to takeover your device. It's due to a deserialization vulnerability in the OpenSSLX509Certificate class. The vulnerability was first published in USENIX WOOT '15: https://www.usenix.org/conference/woot15/workshop-program/presentation/peles. A video demo of successful exploitation of this vulnerability is available here: https://www.youtube.com/watch?v=VekzwVdwqIY It will also be presented in RSA Conference 2016: https://www.rsaconference.com/events/us16/agenda/sessions/2455/android-serialization-vulnerabilities-revisited

Old Versions

09/28/2022: OpenSSLX509CertificateChecker 1.0.12
Report a new version

Internet	Allows to access internet network.
Access network state	Allows to access information about networks.
Wake lock	Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming.

Free Download

Download by QR Code

App Name: OpenSSLX509CertificateChecker
Category: Tools
App Code: roeeh.conscryptchecker
Version: 1.0.12
Requirement: 2.3 or higher
File Size : 1.74 MB
Updated: 2022-09-28

OpenSSLX509CertificateChecker 1.0.12 [free]

Description

Old Versions

Permissions list

Report a new version

Report

Request an application