| Filename | AirDroid vulnerability allows hackers to perform Dos attack from your Android device |
| Permission | rw-r--r-- |
| Author | Unknown |
| Date and Time | 4/14/2013 |
| Label | Cyber News |
| Action |
Ethical Hacking Institute in Pune
./Arizona Team
A vulnerability in AirDroid application which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network allow hackers to perform Dos attack from your Android device.
Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker is able to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.
According to advisory posted by US-Cert, When this message is viewed on the AirDroid web interface an attacker can conduct a cross-site scripting attack, which may be used to result in information leakage, privilege escalation, and/or denial of service on the host computer.
Vulnerability is currently not patched and also AirDroid team didn't annouce any update regarding fix. As a general good security practice, only allow connections from trusted hosts and networks.
Flaw registered as CVE-2013-0134, and restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE
./Arizona Team
A vulnerability in AirDroid application which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network allow hackers to perform Dos attack from your Android device.
Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker is able to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.
According to advisory posted by US-Cert, When this message is viewed on the AirDroid web interface an attacker can conduct a cross-site scripting attack, which may be used to result in information leakage, privilege escalation, and/or denial of service on the host computer.
Vulnerability is currently not patched and also AirDroid team didn't annouce any update regarding fix. As a general good security practice, only allow connections from trusted hosts and networks.
Flaw registered as CVE-2013-0134, and restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE