Android Default Browsers Allow Attackers To Steel Session – Vulnerability

Android Default Browsers Allow Attackers To Steel Session – Vulnerability

A Serious vulnerability has been discovered in the Web browser installed by default on a large number (Approximately 70%) of Android devices, that could allow an attacker to hijack users’ open websites.The exploit targets vulnerability (CVE-2014-6041) in Android versions 4.2.1 and all older versions and was first disclosed right at the start of September by an independent security researcher Rafay Baloch.

The Android bug has been called a “privacy disaster” by Tod Beardsley, a developer for the Metasploit security toolkit, and in order to explain you why, he has promised to post a video that is “sufficiently shocking.”

Baloch also found the AOSP browser installed on Android 4.2.1 is vulnerable to Same Origin Policy (SOP) bypass that allows one website to steal data from another. He then tested his findings on numerous devices, including Qmobile Noir, Sony Xperia, Samsung Galaxy S3, HTC Wildfire and Motorola Razr and found that it works on all.

But, anyone running the latest release, Android 4.4, is not affected, which means that as many as 75 per cent of Android devices and millions of Android users are vulnerable to the attack, according to Google’s own statistics.

In order to protect yourself, just Disable the BROWSER from your Android devices by going to Settings > Apps > All and looking for its icon. By opening it, you’ll find a DISABLE button, Select it and disable the Browser.

Capture

 

We will be happy to hear your thoughts

Leave a reply

Login/Register access is temporary disabled