The Android API prior to 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote malicious users to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android api 6.0 |
||
google android api 15.0 |
||
google android api 3.0 |
||
google android api 8.0 |
||
google android api 11.0 |
||
google android api 9.0 |
||
google android api 2.0 |
||
google android api 12.0 |
||
google android api 7.0 |
||
google android api 1.0 |
||
google android api 13.0 |
||
google android api 14.0 |
||
google android api 4.0 |
||
google android api |
||
google android api 5.0 |
||
google android api 10.0 |
There are two crucial features of the Android OS protection system: These approaches greatly complicate malware writers’ lives: to infect a mobile device, they have to resort to ruses of social engineering. The victim is literally tricked into force-installing a Trojan. This is definitely not always possible, as users become more aware, and it is not that easy to trick them. Invisible installation of a malware app onto a mobile device without a user’s knowledge is definitely a daydream of ma...