0

A friend watched a hacking video on my tablet using an outdated Android OS and an outdated YouTube App, and now I am concerned. No serious signs of entry, but it would be hard to tell since it is normally sluggish, and the security apps do not detect anything.

Is there a site which lists all of the discovered security bugs in the YouTube app since the version that is installed had been released? This way I can at least ascertain the feasibility of such an attack through the video stream on the app player. They did not click on any links, just played the video in the app until I yelled at them. Previous searches return results mainly for the API version history.

Yes, I am paranoid. No, no one is out to get me.

user58446
  • 513
  • 6
  • 13

1 Answers1

4

It is highly unlikely that the YouTube app resulted in a compromise. Not only would an attacker have to have XSS on the youtube browser container, they would then have to break out of the app sandbox, and then root the system - which requires a minimum of three exploits. The Google Bug Bounty Program pays out for these kinds bugs, although XSS has been found in youtube before, an attacker will make more money reporting this kind of bug to Google than compromising an old tablet.

YouTube is a service, and is not eligible for CVEs. Google has no obligations to make public the details of patched vulnerabilities.

Yelling at your friends it not a security measure, if you are interested in keeping your systems protected - then they must be regularly updated. If chrome and android haven't received updates, then any website you visit could result in a remote jailbreak - which requires one less exploit. In context, Stackoverflow is far more dangerous than Youtube because google has more money to spend on security.

Community
  • 1
rook
  • 46,916
  • 10
  • 92
  • 181