According to security researcher Rafay Baloch, Android versions prior to 4.4 are prone to security bypass issue that allows intruders to gain control of a user’s sessions on other sites. The issue is actually related to XSS flaw due to improper handling of javascript: strings preceded by a null byte character in the browser, which hampered the enforcement of same-origin policy. After the exploit released under a Metasploit module by Rapid7 team, Google has acknowledged it and start working on a security patch for earlier version KitKat. <more>
Menu