http://www.csoonline.com/article/2690910/application-security/android-browser-flaw-found-to-leak-data.html
By Antone Gonsalves
CSO
Oct 2, 2014
A security researcher has found another flaw in the Android browser that a
cybercriminal could use to steal sensitive data.
The latest same-origin policy (SOP) bypass vulnerability is the second
discovered by researcher Rafay Baloch, who discovered the first,
CVE-2014-6041, last month.
The vulnerability is in how Javascript is handled by the Android function
responsible for loading frame URLs. The SOP is supposed to prevent
JavaScript from one Web page accessing content from another page.
However, the flaw enables that barrier to be bypassed, so an attacker can
read the content of browser tabs, when the user visits a page controlled
by the attacker.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
