Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Android browser flaw found to leak data

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 3 Oct 2014 10:43:25 +0000 (UTC)
http://www.csoonline.com/article/2690910/application-security/android-browser-flaw-found-to-leak-data.html

By Antone Gonsalves
CSO
Oct 2, 2014
A security researcher has found another flaw in the Android browser that a cybercriminal could use to steal sensitive data.
The latest same-origin policy (SOP) bypass vulnerability is the second discovered by researcher Rafay Baloch, who discovered the first, CVE-2014-6041, last month.
The vulnerability is in how Javascript is handled by the Android function responsible for loading frame URLs. The SOP is supposed to prevent JavaScript from one Web page accessing content from another page.
However, the flaw enables that barrier to be bypassed, so an attacker can read the content of browser tabs, when the user visits a page controlled by the attacker. 

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: