
A vulnerability in the AirDroid application, which provides wireless management of an Android phone or tablet from any browser on the same Wi-Fi network, allows attackers to perform a DoS attack from the Android device.
A cross-site scripting (XSS) vulnerability in the browser version of AirDroid allows an attacker to send a malicious text message to the browser associated with the account when the attacker is able to get access to a phone with AirDroid installed.
According to the advisory posted by US-CERT, when this message is viewed in the AirDroid web interface, an attacker can conduct a cross-site scripting attack, which may be leveraged to result in data leakage, privilege escalation, and/or denial of service on the host computer.
The vulnerability is currently not patched, and the AirDroid team has not announced any update regarding a fix. As a general good security practice, only permit connections from trusted hosts and networks.
The flaw is registered as CVE-2013-0134. Restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.