Major pre 4.4 ASOP browser bug.

Discussion in 'Tech News' started by Tonik, Sep 15, 2014.

  1. Tonik

    Tonik Active Member

    Joined:
    Sep 11, 2011
    Messages:
    672
    Likes Received:
    58
    Trophy Points:
    28
    Ratings:
    +67
    The folks at Rapid 7 (whom I know well) have written up and tested a recently released bug in the stock browser. This seems to impact pre 4.4 Android phones. In simple turns, the bad guy gets you to go to his website he can see all the other tabs on your browser, and all your session cookies to those websites. So he can snag your authentication to another website.

    https://community.rapid7.com/commun...droid-bug-is-a-privacy-disaster-cve-2014-6041