| Filename | Android WebView vulnerability allows hacker to install malicious apps |
| Permission | rw-r--r-- |
| Author | Unknown |
| Date and Time | 9/17/2013 |
| Label | Cyber News |
| Action |
Ethical Hacking Institute in Pune
./Arizona Team
WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it.
Today AVG Security expert reported a critical vulnerability in Android's WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks.
WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application.
Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more.
To exploit the flaw, attacker can trick users to click a malicious link from a vulnerable WebView application and which will trigger a malicious JavaScript command contained on the same webpage.
All the applications running on Android 4.1 or older could perform malicious tasks and users are advised to upgrade to Android 4.2 or higher and download applications only from Google Play.
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune
./Arizona Team
WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it.
Today AVG Security expert reported a critical vulnerability in Android's WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks.
WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application.
Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more.
To exploit the flaw, attacker can trick users to click a malicious link from a vulnerable WebView application and which will trigger a malicious JavaScript command contained on the same webpage.
All the applications running on Android 4.1 or older could perform malicious tasks and users are advised to upgrade to Android 4.2 or higher and download applications only from Google Play.
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune