Intelligence Center » News Archive » Metasploit module released for new UXSS vulnerability in Android browser

Metasploit module released for new UXSS vulnerability in Android browser

Securityweek - (International) An independent researcher in coordination with Rapid7 identified and reported a universal cross-site scripting (UXSS) vulnerability in the default Android browser that could allow an attacker to scrape page contents and cookie data. A Metasploit module for the vulnerability was released, and although Google fixed the issue September 30 many Android users may not receive the fix due to lack of Android version updates.

Source: http://www.securityweek.com/metasploit-module-released-new-uxss-vulnerability-android-browser

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.