ConscryptChecker
Free AppAbout ConscryptChecker
This app verifies if your device is still vulnerable to CVE-2015-3825 / CVE-2015-3837 aka "One Class to Rule Them All", by checking if it contains the vulnerable conscrypt's OpenSSLX509Certificate class. A patch was released in August 2015 by Google.
CVE-2015-3825 / CVE-2015-3837 is a code execution vulnerability discovered by Or Peles & Roee Hay, which allows for malware to takeover your device. It's due to a deserialization vulnerability in the OpenSSLX509Certificate class. The vulnerability was first published in USENIX WOOT '15: https://www.usenix.org/conference/woot15/workshop-program/presentation/peles.
A video demo of successful exploitation of this vulnerability is available here:
https://www.youtube.com/watch?v=VekzwVdwqIY
It will also be presented in RSA Conference 2016: https://www.rsaconference.com/events/us16/agenda/sessions/2455/android-serialization-vulnerabilities-revisited
CVE-2015-3825 / CVE-2015-3837 is a code execution vulnerability discovered by Or Peles & Roee Hay, which allows for malware to takeover your device. It's due to a deserialization vulnerability in the OpenSSLX509Certificate class. The vulnerability was first published in USENIX WOOT '15: https://www.usenix.org/conference/woot15/workshop-program/presentation/peles.
A video demo of successful exploitation of this vulnerability is available here:
https://www.youtube.com/watch?v=VekzwVdwqIY
It will also be presented in RSA Conference 2016: https://www.rsaconference.com/events/us16/agenda/sessions/2455/android-serialization-vulnerabilities-revisited
All Application Badges
Free
downl.
downl.
Android
2.3+
2.3+
Android app
App History & Updates
Name changed Name changed! OpenSSLX509CertificateChecker now is known as ConscryptChecker.
What are users saying about ConscryptChecker
T
by T####:
by T####:
Confirmed presence of patch but when I pressed the Report button it didn't tell me whether the report was successfully submitted or not.
by X####:
Nice tool