Android Web Browser Exposed to Widespread Vulnerability

About 75 percent of Android smartphones contain a vulnerability that lets malicious websites steal users’ data, according to multiple published reports. The vulnerability affects the Android 4.2.1 web browser and any Android web browser released prior to that version. The latest Android web browser, 4.4, is not affected.

The technical problem is that the Same Origin Policy is not being enforced on Android web browser versions 4.2.1 and earlier. This means that any website can read any other website that is simultaneously open -- including cookies and password fields -- and take over the session, according to reports by Forbes and Computer World.

The vulnerability carries potentially severe consequences for those who used the affected browsers to access webmail, ecommerce, banking and other websites that include sensitive financial and personal information.

Activity conducted on the affected browsers may be compromised and sensitive information can be divulged. Essent advises those who access sensitive information using one of the affected browsers to stop using the browser, patch the phone if possible, and change passwords to previously visited websites. To stop this vulnerability, either patch the Android browser (Google released patches available here and here) or use a different web browser, including Mozilla Firefox, Google Chrome, and Internet Explorer.


Share This:
FacebookRedditSlashdotDZoneNetvouzTwitThisLinkedInDiigo