Android WebView vulnerability allows hacker to install malicious apps


WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it.

Today AVG Security expert reported a critical vulnerability in Android’s WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks.
WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application.
Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more.
To exploit the flaw, attacker can trick users to click a malicious link from a vulnerable WebView application and which will trigger a malicious JavaScript command contained on the same webpage.
All the applications running on Android 4.1 or older could perform malicious tasks and users are advised to upgrade to Android 4.2 or higher and download applications only from Google Play.
Advertisements

One thought on “Android WebView vulnerability allows hacker to install malicious apps

  1. Pingback: Mouabad Android Malware calling to Premium numbers :-> Generating revenue for its Master | Hacking with New Ideas

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s