According to security researcher Rafay Baloch, Android versions prior to 4.4 are prone to security bypass issue that allows intruders to gain control of a user’s sessions on other sites. The issue is actually related to XSS flaw due to improper handling of javascript: strings preceded by a null byte character in the browser, which hampered the enforcement of same-origin policy. After the exploit released under a Metasploit module by Rapid7 team, Google has acknowledged it and start working on a security patch for earlier version KitKat. <more>

Related articles

A WhatsApp bug that let hackers access local file system fixed by Facebook
Security Updates

A WhatsApp bug that let hackers access local file system fixed by Facebook

By CertX
Google patches two more zero-day flaws
Security Updates

Google patches two more zero-day flaws

By CertX
Security Updates

62 vulns fixed in Google Chrome 40

By CertX
Security Updates

Twitter experiences Tsunami of malicious messages

By CertX
Security Updates

Microsoft Fixes Two Windows Zero-Day Flaws Found Under Attack

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *