Friday, September 26, 2014

Android flaw puts privacy at risk

According to security researcher Rafay Baloch, Android versions prior to 4.4 are prone to security bypass issue that allows intruders to gain control of a user's sessions on other sites. The issue is actually related to XSS flaw due to improper handling of javascript: strings preceded by a null byte character in the browser, which hampered the enforcement of same-origin policy. After the 'exploit' released under a Metasploit module by Rapid7 team, Google has acknowledged it and start working on a 'security patch' for earlier version KitKat. <more>

No comments: