Android WebView Vulnerability

Tuesday, September 17, 2013 @ 05:09 PM gHale


Bad guys can take advantage of a vulnerability that impacts the WebView control in Android applications to install malicious software on users’ devices, researchers said.

The security hole affects devices running versions older than Android 4.2, said researchers at AVG Technologies.

Hackers can exploit the flaw by tricking users into clicking a link inside a vulnerable application that opens a JavaScript-enabled browser or webpage.

The malicious JavaScript commands contained on this webpage will automatically execute. The attacker can perform a wide range of actions, including installing software, sending SMSs and stealing personal information.

Android app developers use WebView when they want to allow customers to view web applications. The issue identified by AVG researchers is related to the use of the addJavascriptInterface method.

To avoid exposing their customers to such attacks, developers should not expose any unsafe functions through addJavascriptInterface. Users, on the other hand, should refrain from downloading applications from untrusted sources.
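
As an added illustration of that developer advice (not code from the article or from AVG), the sketch below shows a WebView that hands page script only one narrow, annotated method and keeps link navigation on a trusted origin. The package, class names, the `AppInfo` bridge name and the host `app.example.com` are hypothetical placeholders.

```java
// Added example: hardened use of addJavascriptInterface. All names are hypothetical.
package com.example.securewebview;

import android.app.Activity;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public class SecureWebViewActivity extends Activity {
    private static final String TRUSTED_HOST = "app.example.com"; // placeholder host

    /** The only object handed to page script: one read-only method, no device access. */
    public static final class AppInfoBridge {
        // When the app targets API 17+ and runs on Android 4.2+, only public
        // methods carrying this annotation are callable from JavaScript.
        @JavascriptInterface
        public String getAppVersion() {
            return "1.0";
        }
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        setContentView(webView);
        webView.getSettings().setJavaScriptEnabled(true);

        // Keep link navigation on the trusted HTTPS origin, so a tapped link
        // cannot load untrusted script into the WebView that holds the bridge.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, String url) {
                Uri uri = Uri.parse(url);
                boolean trusted = "https".equals(uri.getScheme())
                        && TRUSTED_HOST.equals(uri.getHost());
                return !trusted; // returning true cancels the load
            }
        });

        // On versions older than Android 4.2 (API 17) every public method of the
        // injected object is reachable from script, so no bridge is attached there.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
            webView.addJavascriptInterface(new AppInfoBridge(), "AppInfo");
        }
        webView.loadUrl("https://" + TRUSTED_HOST + "/");
    }
}
```

On affected devices the page simply runs without the bridge, so any feature that depends on it needs a fallback that does not go through addJavascriptInterface.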


