A leak in the Android Open Source Platform (AOSP) gets three-quarters of smartphones under Android. Hackers gain this access to the browser of the user
.
The flaw occurs in Android versions earlier than 4.4. Since 75 percent of Android phones running on and almost 100 percent of prepaid phones under Android. The leak is now almost certainly fully exploited by hackers. The hacker tool Metasploit already provides modules to abuse the leak.
AOSP browser is no longer supported by Google but is still very common.
According preventer Radid7 attackers can avoid Security Policy (SOP) using the leak the Same Origin. Using the leak evil intent can look into the content of any other website. From any website Who, for instance go to the site of an attacker and webmail has listed in another window, open also suggests that information exposed to the hacker. He can also make a copy of a session cookie and take over entire session.
Attacks which the SOP was circumvented have long been very popular with hackers, but because most software makers have the leaks in this poem they are now much rarer.
The leak was discovered a few weeks ago by expert Rafay Baloch. He reported it in a blog, but if there on received to date no response from Google.
No comments:
Post a Comment