Information Security News mailing list archives
Android browser flaw found to leak data
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 3 Oct 2014 10:43:25 +0000 (UTC)
http://www.csoonline.com/article/2690910/application-security/android-browser-flaw-found-to-leak-data.html By Antone Gonsalves CSO Oct 2, 2014A security researcher has found another flaw in the Android browser that a cybercriminal could use to steal sensitive data.
The latest same-origin policy (SOP) bypass vulnerability is the second discovered by researcher Rafay Baloch, who discovered the first, CVE-2014-6041, last month.
The vulnerability is in how Javascript is handled by the Android function responsible for loading frame URLs. The SOP is supposed to prevent JavaScript from one Web page accessing content from another page.
However, the flaw enables that barrier to be bypassed, so an attacker can read the content of browser tabs, when the user visits a page controlled by the attacker.
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- Android browser flaw found to leak data InfoSec News (Oct 03)