• Great Vulnerability In The Google Android Browser

    Has recently become known, there is a previously ungestopftes data leak in the Android open source project browser (short: AOSP). This is all Versions of Android installed before KitKat and is therefore used as default browser by many users. So far, there is no solution except the use of other browser.

    The well known gap offers the possibility to retrieve user data, such as session cookies, and location data, cyber criminals. This should actually be prevented by the same-origin policy, the security features of your browser of. How the IT expert but now revealed Rafay Baloch is using a JavaScript sent them (CVE-2014-6041). Succeeding the attacker where the user prepared one of that, malicious site visited, what now offers him the opportunity to read all data from other open tabs. Such pages can be generated now by the Metasploit tool button. This could for example mean that he gets access to webmail, online banking, and other highly sensitive data about reading cookies and session data and can take over the sessions.Should the user has saved his password via a cookie, the attacker could continue to use them at a later time.

    Google has taken so far still no opinion to the bow, if and when this will be fixed is still open, because the software giant since the new version of the Android browser 4.4 (KitKat) on the Google chrome and more provides no updates for older versions. However, older devices and Smartphones from the beginner and medium price segment increasingly with older versions of the operating system are delivered. Nearly 75% of Android devices are in this area, all users of these devices are therefore potentially at risk. Protect you only can change on alternative browsers such as Firefox, Opera, dolphin or just chrome.

    Categories: i Type Phones

    Leave a Reply