PT-2020-17347 · Google · Android+1

Published

2020-12-18

Updated

2020-12-21

CVE-2020-35554

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LG mobile devices with Android OS versions 8.0 through 10

Description An issue was discovered on LG mobile devices, where there is a WebView SSL error-handler vulnerability.

Recommendations For Android OS versions 8.0 through 10, consider disabling the WebView SSL error-handler functionality until a patch is available. As a temporary workaround, restrict the use of WebView to minimize the risk of exploitation. Avoid using SSL error-handler functions in WebView until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-35554

Affected Products

Android

Webview

PT-2020-17347 · Google · Android+1

CVE-2020-35554

Related Identifiers

Affected Products

References · 6