Android 3.0 up to and including 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote malicious users to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 4.0 |
||
google android 3.2.6 |
||
google android 3.2.4 |
||
google android 3.2.2 |
||
google android 4.0.4 |
||
google android 4.0.2 |
||
google android 3.2 |
||
google android 3.0 |
||
google android 4.1.2 |
||
google android 4.1 |
||
google android 4.0.3 |
||
google android 4.0.1 |
||
google android 3.2.1 |
||
google android 3.1 |
There are two crucial features of the Android OS protection system: These approaches greatly complicate malware writers’ lives: to infect a mobile device, they have to resort to ruses of social engineering. The victim is literally tricked into force-installing a Trojan. This is definitely not always possible, as users become more aware, and it is not that easy to trick them. Invisible installation of a malware app onto a mobile device without a user’s knowledge is definitely a daydream of ma...