Software Integrity Blog

Author Archive

Neil Bergman

nbergman


Posts by Neil Bergman:

 

Cordova InAppBrowser remote privilege escalation

CVE-2014-0073 is a vulnerability in InAppBrowser, one of Apache Cordova’s core plugins, that allows an attacker to perform remote privilege escalation.


Posted in Mobile Application Security

 

Understanding fragment injection

A colleague asked me about an Android vulnerability called fragment injection because of an article he read [1], and I think it's worth diving into the details of the vulnerability. Fragment injection is a classic example of using reflection in an unsafe way (CWE-470) [2]: untrusted data from an Intent is used to determine which class is instantiated within the target Android application.


Posted in Mobile Application Security, Web Application Security