On 20 Feb 2012, at 12:41, Paul Evans wrote:

> * Can I 'man-in-the-middle' and inject badLibrary with corresponding md5 to
> make it look good - i.e. spoof the central repository
> * Can I get a badLoader into the application

More specifically... If the attacker succeeds in the above, every app that wants to use the same library version is compromised by that browser cache, even after leaving the 'man-in-the-middle' compromised network.