Detection of pileup vulnerabilities in mobile operating systems
First Claim
1. A system for detecting pileup vulnerabilities corresponding to mobile operating system updates, the system comprising:
- an exploit opportunity analyzer, configured to be executed by a processor of a server, configured to identify pileup exploit opportunities corresponding to a plurality of mobile operating system configurations based on mobile operating system upgrades for each of the plurality of mobile operating system configurations, wherein the identification of exploit opportunities is based on information relating to pileup flaws;
a risk database, comprising a non-transitory memory, configured to store information regarding the identified pileup exploit opportunities for a plurality of versions of each of the plurality of mobile operating system configurations; and
a scanner application, configured to be executed by a processor of a mobile device, configured to query identified exploit opportunities relating to a particular mobile operating system configuration and version, and to evaluate third-party applications installed at the mobile device based on the identified exploit opportunities.
3 Assignments
0 Petitions
Accused Products
Abstract
A system is provided for detecting pileup vulnerabilities corresponding to mobile operating system updates. The system includes: an exploit opportunity analyzer, configured to identify pileup exploit opportunities corresponding to a plurality of mobile operating system configurations based on mobile operating system upgrades for each of the plurality of mobile operating system configurations, wherein the identification of exploit opportunities is based on information relating to pileup flaws; a risk database, configured to store information regarding the identified pileup exploit opportunities for a plurality of versions of each of the plurality of mobile operating system configurations; and a scanner application, configured to be executed by a mobile device, configured to query identified exploit opportunities relating to a particular mobile operating system configuration and version, and to evaluate third-party applications installed at the mobile device based on the identified exploit opportunities.
-
Citations
20 Claims
-
1. A system for detecting pileup vulnerabilities corresponding to mobile operating system updates, the system comprising:
-
an exploit opportunity analyzer, configured to be executed by a processor of a server, configured to identify pileup exploit opportunities corresponding to a plurality of mobile operating system configurations based on mobile operating system upgrades for each of the plurality of mobile operating system configurations, wherein the identification of exploit opportunities is based on information relating to pileup flaws; a risk database, comprising a non-transitory memory, configured to store information regarding the identified pileup exploit opportunities for a plurality of versions of each of the plurality of mobile operating system configurations; and a scanner application, configured to be executed by a processor of a mobile device, configured to query identified exploit opportunities relating to a particular mobile operating system configuration and version, and to evaluate third-party applications installed at the mobile device based on the identified exploit opportunities. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for identifying pileup exploit opportunities associated with a plurality of mobile operating system configurations, the method comprising:
-
receiving, by a computing device, a plurality of mobile operating system images corresponding to the plurality of mobile operating system configurations and multiple versions of the plurality of mobile operating system configurations; identifying, by the computing device, items susceptible to pileup flaws in each of a plurality of the multiple versions of the plurality of mobile operating system configurations; and causing, by the computing device, identifications of the items susceptible to pileup flaws to be stored in a risk database as identified exploit opportunities. - View Dependent Claims (12, 13, 14)
-
-
15. A non-transitory processor-readable medium having processor-executable instructions stored thereon for scanning for pileup vulnerabilities on a mobile device, the processor-executable instructions, when executed by a processor of the mobile device in accordance with a scanning application, facilitating the performance of the following steps:
-
querying a remote risk database for pileup exploit opportunities corresponding to a current version of a mobile operating system installed on the mobile device; receiving identifications of pileup exploit opportunities corresponding to the current version of the mobile operating system; scanning non-system applications installed on the mobile device to detect potentially malicious applications configured to take advantage of the pileup exploit opportunities corresponding to the current version of the mobile operating system; and responding to detected potentially malicious applications by notifying a user of the mobile device of the detected potentially malicious applications or by removing the potentially malicious applications from the mobile device. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification