WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it.
Today AVG Security expert reported a critical vulnerability in Android’s WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks.
WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application.
All the applications running on Android 4.1 or older could perform malicious tasks and users are advised to upgrade to Android 4.2 or higher and download applications only from Google Play.