Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723]

Posted by Nightwatch Cybersecurity Research on Nov 08

[Original at:
https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/]

Summary

Android devices can be crashed forcing a halt and then a soft reboot
by downloading a large proxy auto config (PAC) file when adjusting the
Android networking settings. This can also be exploited by an MITM
attacker that can intercept and replace the PAC file. However, the bug
is mitigated by multiple factors…

Leave a Reply