This blog post indicates the versions of Cordova that address this vulnerability.
https://cordova.apache.org/announcements/2015/05/26/android-402.html There is an upgrade path to 3.7.x and 4.0.x users. On Tue, Jun 9, 2015, 9:39 AM Chuck Lantz <cla...@microsoft.com> wrote: > BTW - The article you list provides potential signs of impact to your > users. > > 1.Tamper app appearance > 2.Inject popups and texts > 3.Inject splash screens > 4.Modify basic functionalities > 5.Crash the app > > 3rd party plugins can also introduce vulnerabilities so the specifics will > depend on your situation. Cordova apps in general are affected. You likely > should consider upgrading to Cordova Android 3.7.2 (if using < 5.0.0) or > 4.0.2 (if using Cordova 5.0.0+) given you likely have a security focused > app. > > -Chuck > > -----Original Message----- > From: Chuck Lantz [mailto:cla...@microsoft.com] > Sent: Tuesday, June 9, 2015 9:07 AM > To: dev@cordova.apache.org > Subject: RE: I have a critical issue for cordova. > > It is a security risk that was identified but impact is not known. > > Fortunately there is a simple workaround. See this article for how to fix > this problem: > https://github.com/Microsoft/cordova-docs/tree/master/tips-and-workarounds/android/security-05-26-2015 > > -Chuck > > -----Original Message----- > From: Domingo Oh [mailto:osys...@gmail.com] > Sent: Monday, June 8, 2015 10:25 PM > To: dev@cordova.apache.org > Subject: I have a critical issue for cordova. > > Hello. > > I am Android Developer in Korea. > > I develop Android application for bank. before I used cordova. > > I saw column at last week. this -> http://goo.gl/ZOSzYw > > > I receive a question for this issue. is it damage to our customer app? > > > So I try 3days. I should find that damage to our customer app. But I can't > find it. That's difficult. > > > I use Cordova. Right. But I use not CordovaActivity. I throw question to > this column(http://goo.gl/ZOSzYw) author. But he don't return to me. So I > find other author. But he too. He don't return to me. > > > Hey. I don't use CordovaActivity. is it damage for our app? Now I > difficult upgrade to app. So I want certain message. > > please certain message for this issue. > > ps. I love Korean. > > > > > Thank you. please fast return. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org >
