[<prev] [next>] [day] [month] [year] [list]
Message-ID: <550C71E5.70409@securify.nl>
Date: Fri, 20 Mar 2015 20:15:49 +0100
From: "Securify B.V." <lists@...urify.nl>
To: fulldisclosure@...lists.org
Subject: [FD] Viber for Android exposes insecure Javascript interface
------------------------------------------------------------------------
Viber for Android exposes insecure Javascript interface
------------------------------------------------------------------------
Yorick Koster, April 2014
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that Viber's Sticker Market is affected by a remote
code execution vulnerability. This is possible because the Market is
loaded over an insecure connection (HTTP) in a WebView that exposes an
insecure Javascript interface. Exploiting this issue allows for the
execution of arbitrary Java code within the privileges of the Viber app.
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Viber for Android version
4.3.0.712.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
As of Viber version 5.2.0.2415 (released December 15, 2014) the target
SDK was change from API Level 15 to API Level 19. Due to this, this
issue is no longer exploitable devices running Android 4.2 (API Level
17) and newer.
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20140402/viber_for_android_exposes_insecure_javascript_interface.html
https://vimeo.com/102272421
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists