PT-2020-9599 · Kaios · Kaios

Published: 2020-09-14 · Updated: 2021-07-21 · CVE-2019-14761

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

KaiOS version 2.5

Description

An issue was discovered in the pre-installed Note application, which is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application, allowing them to take control over the Note application's UI. This could enable an attacker to display a malicious prompt to the user, asking them to re-enter credentials such as their KaiOS credentials, and also abuse any privileges available to the mobile application.

Recommendations

For KaiOS version 2.5, consider disabling the Note application until a patch is available to prevent potential HTML and JavaScript injection attacks. Restrict access to the Note application to minimize the risk of exploitation. Avoid using the Note application for sensitive tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-14761

Affected Products

Kaios