Android WebView Vulnerability Allows Cybercriminals to Install Malicious Software

AVG Technologies experts have analyzed the security hole


A vulnerability that impacts the WebView control in Android applications can be leveraged by cybercriminals to install malicious software on users’ devices, researchers warn.

According to AVG Technologies experts, the security hole affects devices running versions older than Android 4.2.

Hackers can exploit the flaw by tricking users into clicking on a link from a vulnerable application that allows opening a Java-enabled browser or webpage.

The malicious JavaScript commands contained on this webpage are executed automatically. The attacker can then perform a wide range of actions, including installing software, sending SMS messages and stealing personal information.

WebView is used by Android app developers when they want to allow customers to view web applications. The issue identified by AVG researchers is related to the use of the addJavascriptInterface method.

To avoid exposing their customers to such attacks, developers are advised not to expose any unsafe functions through the interface. Users, for their part, are advised to refrain from downloading applications from untrusted sources.
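As an added illustration of that developer advice (not code from AVG or from any affected app), the sketch below attaches a JavaScript bridge only on Android 4.2 (API 17) and later, where the platform restricts script access to methods annotated with `@JavascriptInterface`. The class names `SafeBridge` and `AppInfoBridge` and the bridge name `AppInfo` are hypothetical.

```java
import android.annotation.SuppressLint;
import android.os.Build;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;

/** Added example: hypothetical helper, not code from AVG or the affected apps. */
public final class SafeBridge {

    /** Narrow bridge: returns data only, performs no privileged action. */
    public static final class AppInfoBridge {
        private final String versionName;

        public AppInfoBridge(String versionName) {
            this.versionName = versionName;
        }

        // From API 17 (Android 4.2) only methods carrying this annotation
        // are callable from page JavaScript.
        @JavascriptInterface
        public String getVersionName() {
            return versionName;
        }
    }

    private SafeBridge() {}

    /**
     * Attaches the bridge only where the platform enforces @JavascriptInterface.
     * Returns true if the bridge was attached.
     */
    @SuppressLint("SetJavaScriptEnabled")
    public static boolean attach(WebView webView, String versionName) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1) {
            // Older than Android 4.2: every public method of an injected object
            // is reachable from script, so inject nothing and keep script off.
            webView.getSettings().setJavaScriptEnabled(false);
            return false;
        }
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AppInfoBridge(versionName), "AppInfo");
        return true;
    }
}
```

An app that must support pre-4.2 devices can check the return value of `attach` and fall back to a page that does not depend on the bridge.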

Additional technical details are available on AVG’s blog.
