Software Integrity Blog

Author Archive

Neil Bergman


Posts by Neil Bergman:

Cordova InAppBrowser remote privilege escalation

Earlier this year, I identified an interesting vulnerability (CVE-2014-0073) in one of Apache Cordova’s core plug-ins (InAppBrowser). Cordova, also sometimes referred to as PhoneGap, is a popular cross-platform mobile framework that allows developers to write mobile applications in JavaScript and HTML. The JavaScript and HTML code executes within the Cordova WebView and has access to […]

Posted in Mobile Application Security

Understanding fragment injection

A colleague asked me about an Android vulnerability called fragment injection because of an article he read [1], and I think it's worth diving into the details of the vulnerability. Fragment injection is a classic example of using reflection in an unsafe way (CWE-470) [2]. As in untrusted data from an Intent is used to […]

Posted in Mobile Application Security, Web Application Security