Android flaw puts privacy at risk

According to security researcher Rafay Baloch, Android versions prior to 4.4 are prone to security bypass issue that allows intruders to gain control of a user's sessions on other sites. The issue is actually related to XSS flaw due to improper handling of javascript: strings preceded by a null byte character in the browser, which hampered the enforcement of same-origin policy. After the 'exploit' released under a Metasploit module by Rapid7 team, Google has acknowledged it and start working on a 'security patch' for earlier version KitKat. <more>