Android browser vulnerability plugged by Gingerbread - PhoneArena
Save on Samsung Galaxy S22 Ultra

Android browser vulnerability plugged by Gingerbread

Android
Ken N.
Android browser vulnerability plugged by Gingerbread
Android has become a major player in the mobile community, and is on its way to being the #1 smartphone OS in the world. That also means it's become one of the most likely targets for hackers. Android users have uncovered a vulnerability, in which websites can gain unofficial access to all the information on your SD card.

It works like this: the Android browser doesn't prompt you for permission when it downloads a file. It then saves the file on your SD card, from which it can run JavaScript locally without permission. That JavaScript can then expose your data.

The discovery was originally made by Thomas Cannon, who found that these exploits gained access to whatever is stored on the SD card. For many, that just means music and apps, but it could also include personal photographs, or even sensitive business or personal information.

On the upside, the exploit isn't capable of mining just anything on your device. It has to know the name of what it's looking for, but that could still include ubiquitously named folders like "Music" and "Photos".

The Android team is working on a fix for Gingerbread (Android 2.3), which is expected to be announced on December 6th. Especially considering not all devices will be upgraded to Gingerbread at the outset, you should be wary of suspicious or unknown websites until you receive the update.

source: Android Community via SlashGear

Android Data Stealing Vulnerability from Thomas Cannon on Vimeo.

Loading Comments...

Latest News

Google will most likely not release a successor to Android 12L
Google will most likely not release a successor to Android 12L
Americans are deleting period-tracking apps in droves because of the Roe v Wade ruling
Americans are deleting period-tracking apps in droves because of the Roe v Wade ruling
Amazon once again comes out with an awesome sale on Anker chargers
Amazon once again comes out with an awesome sale on Anker chargers
Yet another UK operator introduces roaming charges for EU travel
Yet another UK operator introduces roaming charges for EU travel
Xiaomi finally reveals the date and time of its new 12S series announcement
Xiaomi finally reveals the date and time of its new 12S series announcement
This $40 device effortlessly replaced my $350 Apple Watch Series 7
This $40 device effortlessly replaced my $350 Apple Watch Series 7

Popular stories

This $40 device effortlessly replaced my $350 Apple Watch Series 7
This $40 device effortlessly replaced my $350 Apple Watch Series 7
Samsung working to bring foldable phones to regular folks with Galaxy A Fold and Flip
Samsung working to bring foldable phones to regular folks with Galaxy A Fold and Flip
An iPhone 14 Pro Max price leak pegs the flagship specs at a higher tag
An iPhone 14 Pro Max price leak pegs the flagship specs at a higher tag
No 120Hz display for iPhone 14: But Apple has a secret for smooth performance (that Android doesn’t)
No 120Hz display for iPhone 14: But Apple has a secret for smooth performance (that Android doesn’t)
'They ripped off our technology': Apple exec stokes rivalry with Samsung
'They ripped off our technology': Apple exec stokes rivalry with Samsung
New report brings unexciting Samsung Galaxy S23 camera news
New report brings unexciting Samsung Galaxy S23 camera news
FCC OKs Cingular\'s purchase of AT&T Wireless