Researchers with IBM have discovered what could be a very serious flaw in the Android operating system. The flaw is billed as allowing hackers to intercept web browser operations by injecting JavaScript code into the system.
According to Roee Hay and Yair Amit of IBM's Rational Application Security Research Group, this means that a malicious, non-privileged application could break into the browser URL loading process and its allied sandbox to inject JavaScript.
This is potentially very serious, Infosecurity notes, as the sandbox element of the browser environment seen on Android is supposed to defend the smartphone/tablet platform against this type of attack.
The researchers note that the vulnerability "has the same implications as global XSS, albeit from an installed application rather than another website."
The IBM security researchers go on to say that Android 2.3.5 and 3.2 have been released and which incorporate a fix for this bug.
Patches are also available for Android 2.2 and will, they note, be released at a later date.
According to Roee Hay and Yair Amit of IBM's Rational Application Security Research Group, this means that a malicious, non-privileged application could break into the browser URL loading process and its allied sandbox to inject JavaScript.
This is potentially very serious, Infosecurity notes, as the sandbox element of the browser environment seen on Android is supposed to defend the smartphone/tablet platform against this type of attack.
The researchers note that the vulnerability "has the same implications as global XSS, albeit from an installed application rather than another website."
The IBM security researchers go on to say that Android 2.3.5 and 3.2 have been released and which incorporate a fix for this bug.
Patches are also available for Android 2.2 and will, they note, be released at a later date.
The Researchers have also posted a video about this vulnerability:-
For more information Click Here