The Hacker News
A vulnerability in AirDroid application which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network allow hackers to perform Dos attack from your Android device.


Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker is able to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.

According to advisory posted by US-Cert, When this message is viewed on the AirDroid web interface an attacker can conduct a cross-site scripting attack, which may be used to result in information leakage, privilege escalation, and/or denial of service on the host computer.

Vulnerability is currently not patched and also AirDroid team didn't annouce any update regarding fix. As a general good security practice, only allow connections from trusted hosts and networks.

Flaw registered as CVE-2013-0134, and restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.