Browser Vulnerability Privacy Disaster For 3 Of 4 Android Users

Published : 22/11/2024   Category : security




An exploit of an unsupported Android browser bypasses the ever-important Same Origin Policy.



A vulnerability in the Android Open Source Platform (AOSP) is a privacy disaster that affects about 75 percent of the overall Android ecosystem and about 100 percent of the low-end prepaid phones, according to researchers at Rapid7's Metasploit research team.
The vulnerability -- CVE-2014-6041, disclosed by Rafay Baloch -- bypasses the AOSP browser's Same Origin Policy. Yesterday, Tod Beardsley, technical lead for the Metasploit framework, wrote:
What this [vulnerability] means is, any arbitrary website (say, one controlled by a spammer or a spy) can peek into the contents of any other web page. Imagine you went to an attacker's site while you had your webmail open in another window -- the attacker could scrape your e-mail data and see what your browser sees. Worse, he could snag a copy of your session cookie and hijack your session completely, and read and write webmail on your behalf.
This is a privacy disaster. The Same-Origin Policy is the cornerstone of web privacy, and is a critical set of components for web browser security.
Not long ago, browser SOP bypasses were a common Web attack tactic, but most browser developers have made a point of eliminating such vulnerabilities.
Exploit modules for this vulnerability are now available for all versions of Metasploit.
The AOSP browser is no longer supported by Google, but is nevertheless widely popular and frequently re-installed by users who prefer it to other browsers, says Beardsley.
