CVE-2012-6636

Name of the Vulnerable Software and Affected Versions Android API versions prior to 17

Description The issue allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier.

Recommendations For Android API versions prior to 17, consider restricting the use of the WebView.addJavascriptInterface method until a patch is available. As a temporary workaround, avoid using the WebView component to load crafted JavaScript code.