Rafay Baloch a white from Pakistan discover a serious flaw in anroid defalut browser called SOP (same origin policy) bypass.The vulnerability is present 70% of anroid devices.
Using this vulnerability attack can acess user's cookies,location,response and other sensitive information etc.
Other folks have verified this issue to work under Android browser < 4.4. Ref https://github.com/rapid7/metasploit-framework/pull/3759
The affected mobile devices are..
The initial tests were carried out on android browser 4.2.1 (Qmobile) and below and later verified with Galaxy S3, HTC wildfire, Sony Xperia, Qmobile etc.
After Rafay Baloch published a blog post at http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html describing the issue, researchers from security firm Rapid7 also conducted an analysis and determined that AOSP browsers shipped with versions of the operating system prior to Android 4.4 are affected.
When Researcher Rafay Baloch report the bug to Google was initially ignored by Google but in his blog post Researcher Rafay Baloch describe how the bug bypassed the browser's same origin policy (SOP) which prevent site from accessing other site's data.After attempting to conjure the problem again, Google witnessed the bug firsthand, and decided to take action.
As for now, Android users are better off using other web browsers, such as Chrome, Opera or Firefox. IGN will update this story with any new information
0 comments:
Post a Comment
Do Not Abuse Anyone