java/android/webkit/BrowserFrame.java in Android prior to 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows malicious users to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 4.2 |
||
google android 4.1 |
||
google android 4.0.2 |
||
google android |
||
google android 4.0.4 |
||
google android 4.3 |
||
google android 4.0.1 |
||
google android 4.2.1 |
||
google android 4.0.3 |
||
google android 4.0 |
||
google android 4.2.2 |
||
google android 4.1.2 |
||
lenovo shareit |
There are two crucial features of the Android OS protection system: These approaches greatly complicate malware writers’ lives: to infect a mobile device, they have to resort to ruses of social engineering. The victim is literally tricked into force-installing a Trojan. This is definitely not always possible, as users become more aware, and it is not that easy to trick them. Invisible installation of a malware app onto a mobile device without a user’s knowledge is definitely a daydream of ma...