A new security vulnerability affects Android users: an X-Frame-Options flaw which, when combined with a recent Android WebView (Jelly Bean) bug, allows hackers to install apps on a user's device without their permission. The vulnerability affects users who run Android 4.3 Jelly Bean and use a UXSS-vulnerable browser. As Tod Beardsley, engineering manager at Rapid7, reports:
Source
Quote:
"Users of these platforms may also have installed vulnerable aftermarket browsers. Until the Google Play store XFO [X-Frame-Options] gap is mitigated, users of these web applications who habitually sign in to their Google Account will remain vulnerable."
How to prevent being vulnerable
- Update to a newer Android version
- Use a browser like Chrome or Firefox that isn't vulnerable to UXSS
- Don't keep your Play Store account logged into any third party browser apps