A vulnerability in the AirDroid application, which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network, allows hackers to perform a DoS attack from your Android device.
A cross-site scripting (XSS) vulnerability in the browser version of AirDroid allows an attacker to send a malicious text message to the browser associated with the account when the attacker is able to get access to a phone with AirDroid installed.
According to the advisory posted by US-CERT, when this message is viewed on the AirDroid web interface, an attacker can conduct a cross-site scripting attack, which may result in information leakage, privilege escalation, and/or denial of service on the host computer.
The vulnerability is currently not patched, and the AirDroid team has not announced any update regarding a fix. As a general good security practice, only allow connections from trusted hosts and networks.
The flaw is registered as CVE-2013-0134. Restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.