Lumension® Endpoint Intelligence Center


Google Play, browser flaws expose Android devices to remote code execution

2015/02/12

Securityweek - (International) Researchers at Rapid7 reported that a lack of appropriate X-Frame-Options (XFO) headers in Google Play, combined with either a universal cross-site scripting (UXSS) vulnerability in browsers shipped with Android versions prior to 4.4 (KitKat) or a cross-site scripting (XSS) bug in Google Play, could be leveraged by attackers to remotely install arbitrary Android application packages (APKs) on smartphones. Attacks can be prevented by logging out of the Google account prior to using the affected browsers, or by using Mozilla Firefox or Chrome instead.

Source: http://www.securityweek.com/google-play-browser-flaws-expose-android-devices-remote-code-execution

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:26