Software Integrity Blog

Author Archive

Neil Bergman


Posts by Neil Bergman:


Cordova InAppBrowser remote privilege escalation

CVE-2014-0073 is a vulnerability in InAppBrowser, one of Apache Cordova’s core plugins, that allows an attacker to perform remote privilege escalation.


Posted in Mobile App Security


Understanding fragment injection

A colleague asked me about an Android vulnerability called fragment injection because of an article he read [1], and I think it's worth diving into the details of the vulnerability. Fragment injection is a classic example of using reflection in an unsafe way (CWE-470) [2]: untrusted data from an Intent is used to determine which class is instantiated within the target Android application.


Posted in Mobile App Security, Web Application Security