PT-2014-4374 · Google · Android
Publicado
2014-03-03
·
Atualizado
2016-05-26
·
CVE-2014-1939
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 4.4
Description
The issue allows attackers to execute arbitrary Java code by leveraging access to the
searchBoxJavaBridge interface at certain Android API levels. This is due to the use of the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class in java/android/webkit/BrowserFrame.java.Recommendations
For Android versions prior to 4.4, as a temporary workaround, consider restricting access to the
searchBoxJavaBridge interface until a patch is available.Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android