[guardian-dev] Android WebView SOP vulnerability (CVE-2014-6041)

Hans-Christoph Steiner hans at guardianproject.info
Fri Sep 19 12:16:58 EDT 2014


Nathan of Guardian wrote:
> 
> 
> On Fri, Sep 19, 2014, at 08:55 AM, Tom Ritter wrote:
>> The way I'd exploit it is by sending you a link via
>> email/txt/chatsecure when I think/hope you're on your phone with some
>> enticing subject like "Someone just dropped a ChatSecure 0day on
>> ExploitDB".  That link would send you to a page with some nonsense text
>> that's really long for you to read through.  Meanwhile I stuck a
>> couple of iframes hidden on the page that frame gmail, facebook,
>> whatever else is interesting.  Anything you're logged in to would
>> allow full page extraction - all your emails, facebook info, etc etc.
>> Add in some crawling through the html and you could extract
>> near-limitless information so long as the victim kept the page open.
> 
> Ah, right, thanks. Glad to have devious, criminal minded friends like
> you around, Tom!

Yet another stark reminder that the web only really works with public
information.  Running applications on the web is really just a terrible idea
from a security and privacy point of view.

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

