1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Android stock browser vulnerable to URL spoofing

Discussion in 'CSO' started by RSS, May 20, 2015.

  1. RSS

    RSS New Member Member

    A vulnerability in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.

    Google released patches for the flaw in April, but many phones are likely still affected, because manufacturers and carriers typically are slow to develop and distribute Android patches.

    The vulnerability was discovered by a researcher named Rafay Baloch and was privately reported to Google with the help of security firm Rapid7.

    Baloch discovered the flaw on Android 5.0 Lollipop, which uses Chrome as its default browser, but then also confirmed it in the stock browser in older Android versions.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page