The Hacker News Logo
Subscribe to Newsletter

Android WebView vulnerability allows hacker to install malicious apps

WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it.

Today AVG Security expert reported a critical vulnerability in Android's WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks.
WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application.

Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more.

To exploit the flaw, attacker can trick users to click a malicious link from a vulnerable WebView application and which will trigger a malicious JavaScript command contained on the same webpage.

All the applications running on Android 4.1 or older could perform malicious tasks and users are advised to upgrade to Android 4.2 or higher and download applications only from Google Play.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.